prevent write-past-end-of-buffer when signed value wraps (#15868)

This commit is contained in:
Jamiras 2023-11-05 16:32:46 -07:00 committed by GitHub
parent 1a97b0edd4
commit b43e1f3caf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -22,11 +22,13 @@ void* rc_alloc_scratch(void* pointer, int32_t* offset, uint32_t size, uint32_t a
buffer = &scratch->buffer;
do {
const uint32_t aligned_buffer_offset = (buffer->offset + alignment - 1) & ~(alignment - 1);
const uint32_t remaining = sizeof(buffer->buffer) - aligned_buffer_offset;
if (aligned_buffer_offset < sizeof(buffer->buffer)) {
const uint32_t remaining = sizeof(buffer->buffer) - aligned_buffer_offset;
if (remaining >= size) {
/* claim the required space from an existing buffer */
return rc_alloc(buffer->buffer, &buffer->offset, size, alignment, NULL, -1);
if (remaining >= size) {
/* claim the required space from an existing buffer */
return rc_alloc(buffer->buffer, &buffer->offset, size, alignment, NULL, -1);
}
}
if (!buffer->next)