return NULL;
}
+ /* XXXX why not just do fstat here? */
size = filesize = (size_t) lseek(fd, 0, SEEK_END);
lseek(fd, 0, SEEK_SET);
/* ensure page alignment */
int r;
if (size == 0)
return -1; /* no place for the NUL */
- if (size > SSIZE_T_MAX-16)
+ if (size > SIZE_T_CEILING)
return -1;
#ifdef MS_WINDOWS
r = _vsnprintf(str, size, format, args);
tor_assert(env);
tor_assert(data);
tor_assert(sig);
+ tor_assert(datalen < SIZE_T_CEILING);
+ tor_assert(siglen < SIZE_T_CEILING);
if (crypto_digest(digest,data,datalen)<0) {
log_warn(LD_BUG, "couldn't compute digest");
tor_assert(env);
tor_assert(from);
tor_assert(to);
+ tor_assert(fromlen < SIZE_T_CEILING);
overhead = crypto_get_rsa_padding_overhead(crypto_get_rsa_padding(padding));
pkeylen = crypto_pk_keysize(env);
crypto_cipher_env_t *cipher = NULL;
char *buf = NULL;
+ tor_assert(fromlen < SIZE_T_CEILING);
pkeylen = crypto_pk_keysize(env);
if (fromlen <= pkeylen) {
int len;
unsigned char *buf, *cp;
len = i2d_RSAPublicKey(pk->key, NULL);
- if (len < 0 || (size_t)len > dest_len)
+ if (len < 0 || (size_t)len > dest_len || dest_len > SIZE_T_CEILING)
return -1;
cp = buf = tor_malloc(len+1);
len = i2d_RSAPublicKey(pk->key, &cp);
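Review bot: The new `dest_len > SIZE_T_CEILING` clause on L37 is the only site in this commit that tests `>` rather than `<`, so `dest_len == SIZE_T_CEILING` is accepted here while the same value would trip every `tor_assert(x < SIZE_T_CEILING)` added elsewhere. It is also placed after `(size_t)len > dest_len`, and since `len` is an `int` the allocation on L39 (`tor_malloc(len+1)`) is already bounded by `INT_MAX` regardless of how large the caller's buffer is, so the clause seems to guard nothing the earlier tests leave open. If the intent is the same caller contract as the rest of the patch, `tor_assert(dest_len < SIZE_T_CEILING);` before L35 would be consistent; otherwise the clause could be dropped. crypto_pk_asn1_encode's signature and the rest of its body are outside the hunk.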
{
int n = 0;
char *end = out+outlen;
+ tor_assert(outlen < SIZE_T_CEILING);
+
while (*in && out<end) {
*out++ = *in++;
if (++n == 4 && *in && out<end) {
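Review bot: `char *end = out+outlen;` on L43 forms the end pointer from `outlen` before the new assert on L44 has validated it, so an out-of-range length is used in pointer arithmetic one line ahead of the check meant to reject it. Keeping the declaration but assigning after the assert preserves the file's declarations-first layout: `char *end;` on L43, then `end = out+outlen;` after L44. The hunk at L82-L88 has the same shape (`end = s+n` on L84 ahead of the assert on L85). The function's signature is above L41, outside the hunk.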
tor_assert(from);
tor_assert(fromlen);
tor_assert(to);
+ tor_assert(fromlen < SIZE_T_CEILING);
aes_crypt(env->cipher, from, fromlen, to);
return 0;
tor_assert(env);
tor_assert(from);
tor_assert(to);
+ tor_assert(fromlen < SIZE_T_CEILING);
aes_crypt(env->cipher, from, fromlen, to);
return 0;
int
crypto_cipher_crypt_inplace(crypto_cipher_env_t *env, char *buf, size_t len)
{
+ tor_assert(len < SIZE_T_CEILING);
aes_crypt_inplace(env->cipher, buf, len);
return 0;
}
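Review bot: crypto_cipher_crypt_inplace dereferences `env->cipher` on L65 without the pointer asserts its siblings carry: crypto_cipher_encrypt and crypto_cipher_decrypt check `env`, `from` and `to` on L49-L51 and L55-L57 before their new length assert. For consistency, and so a NULL `env` fails on an assert rather than a segfault, add `tor_assert(env);` and `tor_assert(buf);` ahead of L64.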
static memarea_chunk_t *
alloc_chunk(size_t sz, int freelist_ok)
{
+ tor_assert(sz < SIZE_T_CEILING);
if (freelist && freelist_ok) {
memarea_chunk_t *res = freelist;
freelist = res->next_chunk;
memarea_chunk_t *chunk = area->first;
char *result;
tor_assert(chunk);
+ tor_assert(sz < SIZE_T_CEILING);
if (sz == 0)
sz = 1;
if (chunk->next_mem+sz > chunk->u.mem+chunk->mem_size) {
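Review bot: The ceiling assert on L78 bounds `sz`, but the capacity test on L81 still computes `chunk->next_mem+sz`, a pointer that lands well past the chunk whenever the request does not fit; comparing a pointer formed that way is undefined in C and the optimizer may treat the test as always false. Expressing the same check in sizes keeps every pointer inside or one-past the object: `if (sz > (size_t)((chunk->u.mem+chunk->mem_size) - chunk->next_mem)) {`. memarea_alloc starts and continues outside the hunk.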
size_t ln;
char *result;
const char *cp, *end = s+n;
+ tor_assert(n < SIZE_T_CEILING);
for (cp = s; cp < end && *cp; ++cp)
;
/* cp now points to s+n, or to the 0 in the string. */
mp_pool_t *pool;
size_t alloc_size, new_chunk_cap;
+ tor_assert(item_size < SIZE_T_CEILING);
+ tor_assert(chunk_capacity < SIZE_T_CEILING);
+ tor_assert(SIZE_T_CEILING / item_size > chunk_capacity);
+
pool = ALLOC(sizeof(mp_pool_t));
CHECK_ALLOC(pool);
memset(pool, 0, sizeof(mp_pool_t));
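Review bot: `SIZE_T_CEILING / item_size` on L93 divides by a caller-supplied value that nothing in the hunk shows to be non-zero, so `mp_pool_new(0, ...)` would trap with a division error on the assert line itself instead of failing the assert. Guard the divisor first, `tor_assert(item_size > 0);` ahead of L93, or fold it in as `tor_assert(item_size > 0 && chunk_capacity < SIZE_T_CEILING / item_size);`. Whether the body later rounds a zero item_size up is outside the hunk.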
{
void *result;
+ tor_assert(size < SIZE_T_CEILING);
+
#ifndef MALLOC_ZERO_WORKS
/* Some libc mallocs don't work when size==0. Override them. */
if (size==0) {
{
char *dup;
tor_assert(s);
+ tor_assert(n < SIZE_T_CEILING);
dup = _tor_malloc((n+1) DMALLOC_FN_ARGS);
/* Performance note: Ordinarily we prefer strlcpy to strncpy. But
* this function gets called a whole lot, and platform strncpy is
_tor_memdup(const void *mem, size_t len DMALLOC_PARAMS)
{
char *dup;
+ tor_assert(len < SIZE_T_CEILING);
tor_assert(mem);
dup = _tor_malloc(len DMALLOC_FN_ARGS);
memcpy(dup, mem, len);
_tor_malloc_roundup(size_t *sizep DMALLOC_PARAMS)
{
#ifdef HAVE_MALLOC_GOOD_SIZE
+ tor_assert(*sizep < SIZE_T_CEILING);
*sizep = malloc_good_size(*sizep);
return _tor_malloc(*sizep DMALLOC_FN_ARGS);
#elif 0 && defined(HAVE_MALLOC_USABLE_SIZE) && !defined(USE_DMALLOC)
/* Never use malloc_usable_size(); it makes valgrind really unhappy,
* and doesn't win much in terms of usable space where it exists. */
- void *result = _tor_malloc(*sizep DMALLOC_FN_ARGS);
+ void *result;
+ tor_assert(*sizep < SIZE_T_CEILING);
+ result = _tor_malloc(*sizep DMALLOC_FN_ARGS);
*sizep = malloc_usable_size(result);
return result;
#else
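Review bot: The rewrite on L129-L131 sits under `#elif 0 && defined(HAVE_MALLOC_USABLE_SIZE) && !defined(USE_DMALLOC)`, a branch the preprocessor always discards, so the new assert there is never compiled and cannot be exercised or even syntax-checked by the build. Either remove the dead branch (the comment on L126-L127 already records why it is unused) or leave it untouched so the diff does not suggest coverage it does not have. The `#else` branch at L134 is cut off here, so it is not visible whether it receives an equivalent bound; it would only be covered if its callee checks the size itself.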
return NULL;
}
- if ((uint64_t)(statbuf.st_size)+1 > SIZE_T_MAX)
+ if ((uint64_t)(statbuf.st_size)+1 > SIZE_T_CEILING)
return NULL;
string = tor_malloc((size_t)(statbuf.st_size+1));