--- xnu/xnu-2050.22.13/libkern/c++/OSData.cpp
+++ xnu/xnu-2782.40.9/libkern/c++/OSData.cpp
@@ -56,12 +56,6 @@
#define ACCUMSIZE(s)
#endif
-struct OSData::ExpansionData
-{
- DeallocFunction deallocFunction;
- bool disableSerialization;
-};
-
bool OSData::initWithCapacity(unsigned int inCapacity)
{
if (!super::init())
@@ -224,24 +218,29 @@
unsigned int OSData::ensureCapacity(unsigned int newCapacity)
{
unsigned char * newData;
+ unsigned int finalCapacity;
if (newCapacity <= capacity)
return capacity;
- newCapacity = (((newCapacity - 1) / capacityIncrement) + 1)
+ finalCapacity = (((newCapacity - 1) / capacityIncrement) + 1)
* capacityIncrement;
- newData = (unsigned char *) kalloc(newCapacity);
-
+ // integer overflow check
+ if (finalCapacity < newCapacity)
+ return capacity;
+
+ newData = (unsigned char *) kalloc(finalCapacity);
+
if ( newData ) {
- bzero(newData + capacity, newCapacity - capacity);
+ bzero(newData + capacity, finalCapacity - capacity);
if (data) {
bcopy(data, newData, capacity);
kfree(data, capacity);
}
- ACCUMSIZE( newCapacity - capacity );
+ ACCUMSIZE( finalCapacity - capacity );
data = (void *) newData;
- capacity = newCapacity;
+ capacity = finalCapacity;
}
return capacity;
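Review bot: The new guard `if (finalCapacity < newCapacity) return capacity;` reports an overflowed request exactly as a failed kalloc is reported, by returning the unchanged capacity, so the fix only protects callers that compare the return value with the size they asked for. I would state that contract above ensureCapacity: `// Returns the resulting capacity; a value below newCapacity means the round-up overflowed or kalloc failed and the buffer is unchanged.` The comparison itself looks sound, because rounding up adds less than capacityIncrement and a wrapped result is therefore always below newCapacity, but it relies on capacityIncrement being non-zero, which is set outside this hunk. Callers that build newCapacity from a sum (presumably the current length plus the bytes being appended) still need their own overflow check, since a wrapped sum arrives here as a small, valid-looking request. The function's closing brace lies outside the hunk.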
@@ -447,8 +446,8 @@
if (!reserved)
{
reserved = (typeof(reserved)) kalloc(sizeof(ExpansionData));
- if (!reserved) return;
- bzero(reserved, sizeof(ExpansionData));
+ if (!reserved) return;
+ bzero(reserved, sizeof(ExpansionData));
}
reserved->deallocFunction = func;
}