does this to return a current watermark value for a later release of
allocated store. */
-if (size < 0)
- {
+if (size < 0 || size >= INT_MAX/2)
log_write(0, LOG_MAIN|LOG_PANIC_DIE,
"bad memory allocation requested (%d bytes) at %s %d",
size, func, linenumber);
- }
/* Round up the size to a multiple of the alignment. Although this looks a
messy statement, because "alignment" is a constant expression, the compiler can
int inc = newsize - oldsize;
int rounded_oldsize = oldsize;
-if (newsize < 0)
- {
+if (oldsize < 0 || newsize < oldsize || newsize >= INT_MAX/2)
log_write(0, LOG_MAIN|LOG_PANIC_DIE,
"bad memory extension requested (%d -> %d bytes) at %s %d",
oldsize, newsize, func, linenumber);
- }
/* Check that the block being extended was already of the required taint status;
refuse to extend if not. */
die_tainted(US"store_newblock", CUS func, linenumber);
#endif
+if (len < 0 || len > newsize)
+ log_write(0, LOG_MAIN|LOG_PANIC_DIE,
+ "bad memory extension requested (%d -> %d bytes) at %s %d",
+ len, newsize, func, linenumber);
+
newtext = store_get(newsize, tainted);
memcpy(newtext, block, len);
if (release_ok) store_release_3(block, pool, func, linenumber);
{
void * yield;
+if (size < 0 || size >= INT_MAX/2)
+ log_write(0, LOG_MAIN|LOG_PANIC_DIE,
+ "bad memory allocation requested (%d bytes) at %s %d",
+ size, func, line);
+
if (size < 16) size = 16;
if (!(yield = malloc((size_t)size)))
git://git.exim.org / exim.git / commitdiff