From: Timo Sirainen <timo.sirainen@open-xchange.com>
Date: Thu, 11 Feb 2021 00:44:34 +0000 (+0200)
Subject: lib: buffer_create_dynamic_max() - Fix max_size handling
X-Git-Tag: 2.3.17~103
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=34d72ca7f2bd32047fa30b0a9fb1746d97068849;p=thirdparty%2Fdovecot%2Fcore.git

lib: buffer_create_dynamic_max() - Fix max_size handling

Never allocate buffer larger than its max_size, since it's just wasted
memory. Also clarify that the allocation can actually go up to max_size+1
because of str_c() NUL byte reservation.
---

diff --git a/src/lib/buffer.c b/src/lib/buffer.c
index b08cd27935..d1d505a525 100644
--- a/src/lib/buffer.c
+++ b/src/lib/buffer.c
@@ -74,8 +74,15 @@ buffer_check_limits(struct real_buffer *buf, size_t pos, size_t data_size)
 				pool_get_name(buf->pool));
 		}
 
-		buffer_alloc(buf, pool_get_exp_grown_size(buf->pool, buf->alloc,
-							  new_size + 1));
+		size_t new_alloc_size =
+			pool_get_exp_grown_size(buf->pool, buf->alloc,
+						new_size + 1);
+		if (new_alloc_size > buf->max_size) {
+			/* limit to max_size, but do include +1 for
+			   str_c() NUL */
+			new_alloc_size = buf->max_size + 1;
+		}
+		buffer_alloc(buf, new_alloc_size);
 	}
 #if 0
 	else if (new_size > buf->used && buf->alloced &&
diff --git a/src/lib/buffer.h b/src/lib/buffer.h
index d915346a20..902ec88b6a 100644
--- a/src/lib/buffer.h
+++ b/src/lib/buffer.h
@@ -35,7 +35,8 @@ void buffer_create_from_const_data(buffer_t *buffer,
    current size it's grown. */
 buffer_t *buffer_create_dynamic(pool_t pool, size_t init_size);
 /* Create a dynamically growing buffer with a maximum size. Writes past the
-   maximum size will i_panic(). */
+   maximum size will i_panic(). Internally allow it to grow max_size+1 so
+   str_c() NUL can be used. */
 buffer_t *buffer_create_dynamic_max(pool_t pool, size_t init_size,
 				    size_t max_size);