Check for overflow when resizing a heap

Ensure that the heap size calculations produce the correct answers,
and use `isc_mem_reget()` instead of calling `get` and `put`.

Closes #4122

diff --git a/lib/isc/heap.c b/lib/isc/heap.c
index 7b0cc28854184ac972030ca56dc592818fa954ac..816b80db87bb88edbf637a1f9c655bfa42875934 100644 (file)
--- a/lib/isc/heap.c
+++ b/lib/isc/heap.c
@@ -26,6 +26,7 @@
 #include <isc/heap.h>
 #include <isc/magic.h>
 #include <isc/mem.h>
+#include <isc/overflow.h>
 #include <isc/string.h> /* Required for memmove. */
 #include <isc/util.h>
 
@@ -123,20 +124,17 @@ isc_heap_destroy(isc_heap_t **heapp) {
 
 static void
 resize(isc_heap_t *heap) {
-       void **new_array;
-       unsigned int new_size;
+       unsigned int new_size, new_bytes, old_bytes;
 
        REQUIRE(VALID_HEAP(heap));
 
-       new_size = heap->size + heap->size_increment;
-       new_array = isc_mem_get(heap->mctx, new_size * sizeof(void *));
-       if (heap->array != NULL) {
-               memmove(new_array, heap->array, heap->size * sizeof(void *));
-               isc_mem_put(heap->mctx, heap->array,
-                           heap->size * sizeof(void *));
-       }
+       new_size = ISC_CHECKED_ADD(heap->size, heap->size_increment);
+       new_bytes = ISC_CHECKED_MUL(new_size, sizeof(void *));
+       old_bytes = ISC_CHECKED_MUL(heap->size, sizeof(void *));
+
        heap->size = new_size;
-       heap->array = new_array;
+       heap->array = isc_mem_reget(heap->mctx, heap->array, old_bytes,
+                                   new_bytes);
 }
 
 static void