[Pkg-privacy-commits] [libotr] 58/225: * src/proto.c: gcc 4.2 with -O2 assumes that integer overflow never occurs when optimizing away tests, including those for integer overflow. The code was made more specific.

[Ximin Luo]

This is an automated email from the git hooks/post-receive script.

infinity0 pushed a commit to branch master
in repository libotr.

commit 4fda5a77f7724f6b9d176bbd1595101c49eb8179
Author: cypherpunk <cypherpunk>
Date:   Wed Aug 6 17:25:51 2008 +0000

    	* src/proto.c: gcc 4.2 with -O2 assumes that integer overflow
    	never occurs when optimizing away tests, including those for
    	integer overflow.  The code was made more specific.
---
 ChangeLog   |  6 ++++++
 src/proto.c | 19 ++++++++++++-------
 2 files changed, 18 insertions(+), 7 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 45298c0..4077cfa 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2008-08-06:
+
+	* src/proto.c: gcc 4.2 with -O2 assumes that integer overflow
+	never occurs when optimizing away tests, including those for
+	integer overflow.  The code was made more specific.
+
 2008-07-09:
 
 	* src/privkey.h:
diff --git a/src/proto.c b/src/proto.c
index 9d21c0e..561fd95 100644
--- a/src/proto.c
+++ b/src/proto.c
@@ -777,17 +777,19 @@ OtrlFragmentResult otrl_proto_fragment_accumulate(char **unfragmessagep,
 	if (k > 0 && n > 0 && k <= n && start > 0 && end > 0 && start < end) {
 	    if (k == 1) {
 		int fraglen = end - start - 1;
+		size_t newsize = fraglen + 1;
 		free(context->fragment);
-		context->fragment = malloc(fraglen + 1);
-		if (fraglen + 1 > fraglen && context->fragment) {
+		context->fragment = NULL;
+		if (newsize > fraglen) {  /* Check for overflow */
+		    context->fragment = malloc(newsize);
+		}
+		if (context->fragment) {
 		    memmove(context->fragment, tag + start, fraglen);
 		    context->fragment_len = fraglen;
 		    context->fragment[context->fragment_len] = '\0';
 		    context->fragment_n = n;
 		    context->fragment_k = k;
 		} else {
-		    free(context->fragment);
-		    context->fragment = NULL;
 		    context->fragment_len = 0;
 		    context->fragment_n = 0;
 		    context->fragment_k = 0;
@@ -795,9 +797,12 @@ OtrlFragmentResult otrl_proto_fragment_accumulate(char **unfragmessagep,
 	    } else if (n == context->fragment_n &&
 		    k == context->fragment_k + 1) {
 		int fraglen = end - start - 1;
-		char *newfrag = realloc(context->fragment,
-			context->fragment_len + fraglen + 1);
-		if (context->fragment_len + fraglen + 1 > fraglen && newfrag) {
+		char *newfrag = NULL;
+		size_t newsize = context->fragment_len + fraglen + 1;
+		if (newsize > fraglen) {  /* Check for overflow */
+		    newfrag = realloc(context->fragment, newsize);
+		}
+		if (newfrag) {
 		    context->fragment = newfrag;
 		    memmove(context->fragment + context->fragment_len,
 			    tag + start, fraglen);

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/libotr.git