diff options
| author | Peter Maydell <peter.maydell@linaro.org> | 2018-07-30 09:55:47 +0100 |
|---|---|---|
| committer | Peter Maydell <peter.maydell@linaro.org> | 2018-07-30 09:55:47 +0100 |
| commit | 6d9dd5fb9d0e9f4a174f53a0e20a39fbe809c71e (patch) | |
| tree | a60591188270f2ec5ade8eef780b26da5ddf0efd /qobject/qstring.c | |
| parent | 18a398f6a39df4b08ff86ac0d38384193ca5f4cc (diff) | |
| parent | ba891d68b4ff17faaea3d3a8bfd82af3eed0a134 (diff) | |
| download | focaccia-qemu-6d9dd5fb9d0e9f4a174f53a0e20a39fbe809c71e.tar.gz focaccia-qemu-6d9dd5fb9d0e9f4a174f53a0e20a39fbe809c71e.zip | |
Merge remote-tracking branch 'remotes/armbru/tags/pull-qobject-2018-07-27-v2' into staging
QObject patches for 2018-07-27 (3.0.0-rc3) # gpg: Signature made Sat 28 Jul 2018 08:10:39 BST # gpg: using RSA key 3870B400EB918653 # gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" # gpg: aka "Markus Armbruster <armbru@pond.sub.org>" # Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867 4E5F 3870 B400 EB91 8653 * remotes/armbru/tags/pull-qobject-2018-07-27-v2: qstring: Move qstring_from_substr()'s @end one to the right qstring: Assert size calculations don't overflow qstring: Fix qstring_from_substr() not to provoke int overflow Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'qobject/qstring.c')
| -rw-r--r-- | qobject/qstring.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/qobject/qstring.c b/qobject/qstring.c index afca54b47a..0f1510e792 100644 --- a/qobject/qstring.c +++ b/qobject/qstring.c @@ -37,21 +37,23 @@ size_t qstring_get_length(const QString *qstring) * * Return string reference */ -QString *qstring_from_substr(const char *str, int start, int end) +QString *qstring_from_substr(const char *str, size_t start, size_t end) { QString *qstring; + assert(start <= end); + qstring = g_malloc(sizeof(*qstring)); qobject_init(QOBJECT(qstring), QTYPE_QSTRING); - qstring->length = end - start + 1; + qstring->length = end - start; qstring->capacity = qstring->length; + assert(qstring->capacity < SIZE_MAX); qstring->string = g_malloc(qstring->capacity + 1); memcpy(qstring->string, str + start, qstring->length); qstring->string[qstring->length] = 0; - return qstring; } @@ -62,13 +64,15 @@ QString *qstring_from_substr(const char *str, int start, int end) */ QString *qstring_from_str(const char *str) { - return qstring_from_substr(str, 0, strlen(str) - 1); + return qstring_from_substr(str, 0, strlen(str)); } static void capacity_increase(QString *qstring, size_t len) { if (qstring->capacity < (qstring->length + len)) { + assert(len <= SIZE_MAX - qstring->capacity); qstring->capacity += len; + assert(qstring->capacity <= SIZE_MAX / 2); qstring->capacity *= 2; /* use exponential growth */ qstring->string = g_realloc(qstring->string, qstring->capacity + 1); |