From e842ecce1a66dea8ddbf12c769ad74c25c1c1c74 Mon Sep 17 00:00:00 2001
From: Francesco Chemolli <kinkie@squid-cache.org>
Date: Wed, 31 Jul 2013 18:11:54 +0200
Subject: [PATCH] Tightened size checks in reserveSpace, reserveCapacity and
 rawSpace

---
 src/SBuf.cc | 6 ++++--
 src/SBuf.h  | 6 +++++-
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/src/SBuf.cc b/src/SBuf.cc
index 64f1a82d69..933634652c 100644
--- a/src/SBuf.cc
+++ b/src/SBuf.cc
@@ -183,14 +183,16 @@ SBuf::assign(const char *S, size_type n)
 void
 SBuf::reserveCapacity(size_type minCapacity)
 {
-    Must(0 <= minCapacity); //upper bound checked in cow -> reAlloc
+    Must(0 <= minCapacity);
+    Must(minCapacity <= maxSize);
     cow(minCapacity);
 }
 
 char *
 SBuf::rawSpace(size_type minSpace)
 {
-    Must(0 <= minSpace); //upper bound checked in cow -> reAlloc
+    Must(0 <= minSpace);
+    Must(minSpace <= maxSize);
     debugs(24, 7, "reserving " << minSpace << " for " << id);
     ++stats.rawAccess;
     // we're not concerned about RefCounts here,
diff --git a/src/SBuf.h b/src/SBuf.h
index 91ae9ae34d..6e64aa988a 100644
--- a/src/SBuf.h
+++ b/src/SBuf.h
@@ -416,7 +416,11 @@ public:
      * used portion and single ownership of the backing store.
      * \throw SBufTooBigException if the user tries to allocate too big a SBuf
      */
-    void reserveSpace(size_type minSpace) {reserveCapacity(length()+minSpace);}
+    void reserveSpace(size_type minSpace) {
+        Must(0 <= minSpace);
+        Must(minSpace <= maxSize);
+        reserveCapacity(length()+minSpace);
+    }
 
     /** Request to guarantee the SBuf's store capacity
      *
-- 
2.47.3