From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 27 Mar 2023 11:02:08 +0000 (+0200)
Subject: dynbuf: never allocate larger than "toobig"
X-Git-Tag: curl-8_1_0~291
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=5a10f487783557c8d1886b2bcc4eaae34c80ca2a;p=thirdparty%2Fcurl.git

dynbuf: never allocate larger than "toobig"

As dynbufs always have a fixed maximum size which they are not allowed
to grow larger than, making sure that it never allocates a larger buffer
makes sure the buffer does not allocate memory that will never be used.

Closes #10845
---

diff --git a/lib/dynbuf.c b/lib/dynbuf.c
index bd3b9356c7..0c9c491aeb 100644
--- a/lib/dynbuf.c
+++ b/lib/dynbuf.c
@@ -76,6 +76,7 @@ static CURLcode dyn_nappend(struct dynbuf *s,
   DEBUGASSERT(s->toobig);
   DEBUGASSERT(indx < s->toobig);
   DEBUGASSERT(!s->leng || s->bufr);
+  DEBUGASSERT(a <= s->toobig);
 
   if(fit > s->toobig) {
     Curl_dyn_free(s);
@@ -84,7 +85,9 @@ static CURLcode dyn_nappend(struct dynbuf *s,
   else if(!a) {
     DEBUGASSERT(!indx);
     /* first invoke */
-    if(fit < MIN_FIRST_ALLOC)
+    if(MIN_FIRST_ALLOC > s->toobig)
+      a = s->toobig;
+    else if(fit < MIN_FIRST_ALLOC)
       a = MIN_FIRST_ALLOC;
     else
       a = fit;
@@ -92,6 +95,9 @@ static CURLcode dyn_nappend(struct dynbuf *s,
   else {
     while(a < fit)
       a *= 2;
+    if(a > s->toobig)
+      /* no point in allocating a larger buffer than this is allowed to use */
+      a = s->toobig;
   }
 
   if(a != s->allc) {