X-Git-Url: https://git.m6w6.name/?a=blobdiff_plain;f=lib%2Fmemcached_string.c;h=30d8e1754bd767f2ed495e5b48734baec66f5a96;hb=03f069ae2f50dd6de7ee5f466b0101cccbea4293;hp=e2f140178f8f44b54b5ed2277474791a41929f9e;hpb=7eb4f57fd1daa46652091414e381f7842833bc6a;p=awesomized%2Flibmemcached

diff --git a/lib/memcached_string.c b/lib/memcached_string.c
index e2f14017..30d8e175 100644
--- a/lib/memcached_string.c
+++ b/lib/memcached_string.c
@@ -6,12 +6,19 @@ memcached_return memcached_string_check(memcached_string_st *string, size_t need
   {
     size_t current_offset= string->end - string->string;
     char *new_value;
-    size_t adjust= (need - (size_t)(string->current_size - (size_t)(string->end - string->string))) / string->block_size;
+    size_t adjust;
+    size_t new_size;
 
+    /* This is the block multiplier. To keep it larger and surive division errors we must round it up */
+    adjust= (need - (size_t)(string->current_size - (size_t)(string->end - string->string))) / string->block_size;
     adjust++;
 
-    new_value= (char *)realloc(string->string, 
-                               sizeof(char) * ((adjust * string->block_size) + string->current_size));
+    new_size= sizeof(char) * (size_t)((adjust * string->block_size) + string->current_size);
+    /* Test for overflow */
+    if (new_size < need)
+      return MEMCACHED_MEMORY_ALLOCATION_FAILURE;
+
+    new_value= (char *)realloc(string->string, new_size);
 
     if (new_value == NULL)
       return MEMCACHED_MEMORY_ALLOCATION_FAILURE;
@@ -80,9 +87,10 @@ memcached_return memcached_string_append(memcached_st *ptr, memcached_string_st
 
   if (rc != MEMCACHED_SUCCESS)
     return rc;
-  
+
+  WATCHPOINT_ASSERT(length <= string->current_size);
   WATCHPOINT_ASSERT(string->string);
-  WATCHPOINT_ASSERT(string->end >= string->string && string->end <= string->string + string->current_size);
+  WATCHPOINT_ASSERT(string->end >= string->string);
 
   memcpy(string->end, value, length);
   string->end+= length;