[Bf-blender-cvs] [a16e4652e3c] master: Fix integer overflow in BLI_mempool_as_arrayN()

Sergey Sharybin noreply at git.blender.org
Fri Mar 6 15:37:07 CET 2020


Commit: a16e4652e3c80504790730b66145b7aef14b3648
Author: Sergey Sharybin
Date:   Fri Mar 6 15:33:47 2020 +0100
Branches: master
https://developer.blender.org/rBa16e4652e3c80504790730b66145b7aef14b3648

Fix integer overflow in BLI_mempool_as_arrayN()

`(size_t)(int * int)` will actually cast the overflowed integer to size_t,
which isn't what was intended here. The correct thing would be to cast
in the following manner: `(size_t)int * int`.

In this particular case we can as well use a function which is designed to
allocate an array of memory without overflow.

===================================================================

M	source/blender/blenlib/intern/BLI_mempool.c

===================================================================

diff --git a/source/blender/blenlib/intern/BLI_mempool.c b/source/blender/blenlib/intern/BLI_mempool.c
index 2b931507633..4182aab2190 100644
--- a/source/blender/blenlib/intern/BLI_mempool.c
+++ b/source/blender/blenlib/intern/BLI_mempool.c
@@ -526,7 +526,7 @@ void BLI_mempool_as_array(BLI_mempool *pool, void *data)
  */
 void *BLI_mempool_as_arrayN(BLI_mempool *pool, const char *allocstr)
 {
-  char *data = MEM_mallocN((size_t)(pool->totused * pool->esize), allocstr);
+  char *data = MEM_malloc_arrayN(pool->totused, pool->esize, allocstr);
   BLI_mempool_as_array(pool, data);
   return data;
 }
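Review bot: The pointer returned by MEM_malloc_arrayN(pool->totused, pool->esize, allocstr) on the added line goes straight into BLI_mempool_as_array(pool, data) with no NULL check. If the array allocator reports an overflowing or failed request by returning NULL, the copy on the next line writes through that NULL pointer, so either return early when data is NULL or state in the function comment that the allocator never returns NULL here. The commit message describes both operands as int; if the allocator's length and size parameters are size_t, a negative totused or esize would convert to a very large value at the call, so an assertion that both are non-negative before the allocation would make that assumption explicit.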


