libkern/c++/OSSerializeBinary.cpp xnu-3789.1.32 xnu-4570.71.2
--- xnu/xnu-3789.1.32/libkern/c++/OSSerializeBinary.cpp
+++ xnu/xnu-4570.71.2/libkern/c++/OSSerializeBinary.cpp
@@ -69,8 +69,9 @@
     unsigned int newCapacity;
     size_t       alignSize;
 
-	alignSize = ((size + 3) & ~3L);
-	newCapacity = length + alignSize;
+	if (os_add_overflow(size, 3, &alignSize)) return (false);
+	alignSize &= ~3L;
+	if (os_add_overflow(length, alignSize, &newCapacity)) return (false);
 	if (newCapacity >= capacity) 
 	{
 	   newCapacity = (((newCapacity - 1) / capacityIncrement) + 1) * capacityIncrement;
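Review bot: The new os_add_overflow guards stop at the sum, but the round-up on the last line of the hunk, `newCapacity = (((newCapacity - 1) / capacityIncrement) + 1) * capacityIncrement;`, can still wrap an `unsigned int` when `length + alignSize` lands within one `capacityIncrement` of UINT_MAX, producing a capacity smaller than the bytes about to be appended. The same header that provides os_add_overflow presumably also provides os_mul_overflow, so the rounding can be guarded in one line: `if (os_mul_overflow(((newCapacity - 1) / capacityIncrement) + 1, capacityIncrement, &newCapacity)) return (false);`. The function this hunk belongs to starts before the hunk, so the origin of `length`, `capacity` and `capacityIncrement` is not visible here.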
@@ -92,8 +93,9 @@
     // add to tag array
 	tags->setObject(o);
 
-	alignSize = ((size + sizeof(key) + 3) & ~3L);
-	newCapacity = length + alignSize;
+	if (os_add3_overflow(size, sizeof(key), 3, &alignSize)) return (false);
+	alignSize &= ~3L;
+	if (os_add_overflow(length, alignSize, &newCapacity)) return (false);
 	if (newCapacity >= capacity) 
 	{
 	   newCapacity = (((newCapacity - 1) / capacityIncrement) + 1) * capacityIncrement;
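Review bot: The two new early returns come after `tags->setObject(o);` on the line above them, so an overflow failure leaves `o` recorded in the tag array even though nothing for it was ever written to the buffer, and the tag/offset bookkeeping is no longer consistent with the data. Moving the overflow checks above `tags->setObject(o)` keeps a failed call side-effect free: `if (os_add3_overflow(size, sizeof(key), 3, &alignSize)) return (false); alignSize &= ~3L; if (os_add_overflow(length, alignSize, &newCapacity)) return (false);` then `tags->setObject(o);`. The round-up multiply on the last line of the hunk is also unchecked, as in the previous hunk. The function starts before the hunk, so whether the caller tolerates a stale tag entry cannot be confirmed from here.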
@@ -267,7 +269,7 @@
 
 	OSObject ** stackArray;
 	uint32_t    stackCapacity;
-	enum      { stackCapacityMax = 64*1024 };
+	enum      { stackCapacityMax = 64 };
 	uint32_t    stackIdx;
 
     OSObject     * result;
@@ -409,7 +411,7 @@
 				sym = OSDynamicCast(OSSymbol, sym);
 				if (!sym && (str = OSDynamicCast(OSString, str)))
 				{
-				    sym = (OSSymbol *) OSSymbol::withString(str);
+				    sym = const_cast<OSSymbol *>(OSSymbol::withString(str));
                     ok = (sym != 0);
                     if (!ok) break;
 				}
@@ -430,14 +432,12 @@
 
 		if (!ok) break;
 
+        if (end) parent = 0;
 		if (newCollect)
 		{
-			if (!end)
-			{
-				stackIdx++;
-				setAtIndex(stack, stackIdx, parent);
-				if (!ok) break;
-			}
+            stackIdx++;
+            setAtIndex(stack, stackIdx, parent);
+            if (!ok) break;
 			DEBG("++stack[%d] %p\n", stackIdx, parent);
 			parent = o;
 			dict   = newDict;
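Review bot: The added `if (end) parent = 0;` combined with the now-unconditional push means a null placeholder is pushed whenever a new collection carries the end flag, and nothing at that site explains that the pop side relies on skipping those nulls; a comment is needed so the two halves stay in sync, e.g. `// an end-flagged collection pushes a null marker so the matching pop unwinds past it to the enclosing collection`. The new lines (`if (end) parent = 0;`, `stackIdx++;`, `setAtIndex(...)`, `if (!ok) break;`) are indented with spaces while the surrounding code uses tabs; match the file's tabs. Since each such marker now consumes a stack slot, it counts against the reduced `stackCapacityMax` of 64 introduced earlier in this diff, so the effective nesting limit for inputs with many end-flagged collections is presumably lower than 64 — worth confirming. The enclosing loop and function start before the hunk.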
@@ -448,11 +448,15 @@
 
 		if (end)
 		{
-			if (!stackIdx) break;
-			parent = stackArray[stackIdx];
-			DEBG("--stack[%d] %p\n", stackIdx, parent);
-			stackIdx--;
-			set   = 0; 
+            while (stackIdx)
+            {
+                parent = stackArray[stackIdx];
+                DEBG("--stack[%d] %p\n", stackIdx, parent);
+                stackIdx--;
+                if (parent) break;
+            }
+            if (!parent) break;
+			set   = 0;
 			dict  = 0; 
 			array = 0;
 			if (!(dict = OSDynamicCast(OSDictionary, parent)))