OSOrderedSet.cpp diff - libkern/c++/OSOrderedSet.cpp - Xnu source code xnu-1228

libkern/c++/OSOrderedSet.cpp xnu-1228 ⇄ xnu-2782.1.97
--- xnu/xnu-1228/libkern/c++/OSOrderedSet.cpp
+++ xnu/xnu-2782.1.97/libkern/c++/OSOrderedSet.cpp
@@ -63,9 +63,12 @@
 initWithCapacity(unsigned int inCapacity,
                  OSOrderFunction inOrdering, void *inOrderingRef)
 {
-    int size;
+    unsigned int size;
 
     if (!super::init())
+        return false;
+
+    if (inCapacity > (UINT_MAX / sizeof(_Element)))
         return false;
 
     size = sizeof(_Element) * inCapacity;
@@ -125,15 +128,19 @@
 unsigned int OSOrderedSet::ensureCapacity(unsigned int newCapacity)
 {
     _Element *newArray;
-    int oldSize, newSize;
+    unsigned int finalCapacity, oldSize, newSize;
 
     if (newCapacity <= capacity)
         return capacity;
 
     // round up
-    newCapacity = (((newCapacity - 1) / capacityIncrement) + 1)
+    finalCapacity = (((newCapacity - 1) / capacityIncrement) + 1)
                 * capacityIncrement;
-    newSize = sizeof(_Element) * newCapacity;
+    if ((finalCapacity < newCapacity) ||
+        (finalCapacity > (UINT_MAX / sizeof(_Element)))) {
+        return capacity;
+    }
+    newSize = sizeof(_Element) * finalCapacity;
 
     newArray = (_Element *) kalloc(newSize);
     if (newArray) {
@@ -145,7 +152,7 @@
         bzero(&newArray[capacity], newSize - oldSize);
         kfree(array, oldSize);
         array = newArray;
-        capacity = newCapacity;
+        capacity = finalCapacity;
     }
 
     return capacity;
@@ -205,7 +212,7 @@
 
 
 #define ORDER(obj1,obj2) \
-    (ordering ? ((*ordering)( (OSObject *) obj1, (OSObject *) obj2, orderingRef)) : 0)
+    (ordering ? ((*ordering)( (const OSObject *) obj1, (const OSObject *) obj2, orderingRef)) : 0)
 
 bool OSOrderedSet::setObject(const OSMetaClassBase *anObject )
 {
@@ -226,9 +233,9 @@
 
     for (i = 0; i < count; i++) {
 
-        if( deleted)
+        if (deleted)
             array[i-1] = array[i];
-        else if( (array[i].obj == anObject)) {
+        else if (array[i].obj == anObject) {
             deleted = true;
 	    haveUpdated();	// Pity we can't flush the log
             array[i].obj->taggedRelease(OSTypeID(OSCollection));
@@ -264,13 +271,13 @@
 //    if( pri)
 //	*pri = array[index].pri;
 
-    return( (OSObject *) array[index].obj );
+    return( const_cast<OSObject *>((const OSObject *) array[index].obj) );
 }
 
 OSObject *OSOrderedSet::getFirstObject() const
 {
     if( count)
-        return( (OSObject *) array[0].obj );
+        return( const_cast<OSObject *>((const OSObject *) array[0].obj) );
     else
 	return( 0 );
 }
@@ -278,7 +285,7 @@
 OSObject *OSOrderedSet::getLastObject() const
 {
     if( count)
-        return( (OSObject *) array[count-1].obj );
+        return( const_cast<OSObject *>((const OSObject *) array[count-1].obj) );
     else
 	return( 0 );
 }
@@ -342,7 +349,7 @@
     unsigned int index = (*iteratorP)++;
 
     if (index < count)
-        *ret = (OSObject *) array[index].obj;
+        *ret = const_cast<OSObject *>((const OSObject *) array[index].obj);
     else
         *ret = 0;