[gnutls-devel] GnuTLS | build: avoid potential integer overflow in array allocation (!1392)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Thu Feb 25 07:20:15 CET 2021




Daiki Ueno commented on a discussion on lib/x509/ocsp.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1392#note_516789411

>  				goto fail;
>  			}
>  
> -			new_ocsps = gnutls_realloc(*ocsps, (*size + 1)*sizeof(gnutls_ocsp_resp_t));
> +			new_ocsps = _gnutls_reallocarray(*ocsps,
> +							 *size + 1,

I suppose there is a trade-off (i.e. alloc cost vs the frequency of the function call), but this specific case is about realloc, which should already have an [optimization](https://sourceware.org/glibc/wiki/MallocInternals#Realloc_Algorithm) underneath to avoid frequent malloc-copy-free.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1392#note_516789411
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20210225/ad44fbf4/attachment.html>


More information about the Gnutls-devel mailing list