diff options
author | Jeffrey Stedfast <fejj@ximian.com> | 2004-03-12 05:24:20 +0800 |
---|---|---|
committer | Jeffrey Stedfast <fejj@src.gnome.org> | 2004-03-12 05:24:20 +0800 |
commit | 25d5f6251d040ee5e6c4dc88f6adf5dae85e2c5d (patch) | |
tree | 9f1e07cb37322c6f2c6ccba5e89668229886953f /camel | |
parent | 2e1f2dee91cb4232f1ca47167f1954d198447b87 (diff) | |
download | gsoc2013-evolution-25d5f6251d040ee5e6c4dc88f6adf5dae85e2c5d.tar gsoc2013-evolution-25d5f6251d040ee5e6c4dc88f6adf5dae85e2c5d.tar.gz gsoc2013-evolution-25d5f6251d040ee5e6c4dc88f6adf5dae85e2c5d.tar.bz2 gsoc2013-evolution-25d5f6251d040ee5e6c4dc88f6adf5dae85e2c5d.tar.lz gsoc2013-evolution-25d5f6251d040ee5e6c4dc88f6adf5dae85e2c5d.tar.xz gsoc2013-evolution-25d5f6251d040ee5e6c4dc88f6adf5dae85e2c5d.tar.zst gsoc2013-evolution-25d5f6251d040ee5e6c4dc88f6adf5dae85e2c5d.zip |
Sanity check that count is <1024 and also use g_try_malloc so that we can
2004-03-11 Jeffrey Stedfast <fejj@ximian.com>
* camel-object.c (cobject_state_read): Sanity check that count is
<1024 and also use g_try_malloc so that we can recover if malloc
fails.
svn path=/trunk/; revision=25036
Diffstat (limited to 'camel')
-rw-r--r-- | camel/ChangeLog | 7 | ||||
-rw-r--r-- | camel/camel-object.c | 8 |
2 files changed, 12 insertions, 3 deletions
diff --git a/camel/ChangeLog b/camel/ChangeLog index 5a8c3949c7..d75244005b 100644 --- a/camel/ChangeLog +++ b/camel/ChangeLog @@ -1,3 +1,9 @@ +2004-03-11 Jeffrey Stedfast <fejj@ximian.com> + + * camel-object.c (cobject_state_read): Sanity check that count is + <1024 and also use g_try_malloc so that we can recover if malloc + fails. + 2004-03-11 Not Zed <NotZed@Ximian.com> * providers/imap/camel-imap-store.c (no_such_folder): removed @@ -62,6 +68,7 @@ * camel-store.h: time to fix up the camelfolderinfo mess. fix some member names, and add some type fields. Fixed all uses. +>>>>>>> 1.2033 2004-03-04 Not Zed <NotZed@Ximian.com> ** See bug #53355. diff --git a/camel/camel-object.c b/camel/camel-object.c index 2af07e15e2..4875774652 100644 --- a/camel/camel-object.c +++ b/camel/camel-object.c @@ -434,13 +434,15 @@ cobject_state_read(CamelObject *obj, FILE *fp) CamelArgV *argv; if (camel_file_util_decode_uint32(fp, &count) == -1 - || count == 0) { + || count == 0 || count > 1024) { /* maybe it was just version 0 afterall */ return 0; } - + /* we batch up the properties and set them in one go */ - argv = g_malloc(sizeof(*argv) + (count - CAMEL_ARGV_MAX) * sizeof(argv->argv[0])); + if (!(argv = g_try_malloc (sizeof (*argv) + (count - CAMEL_ARGV_MAX) * sizeof (argv->argv[0])))) + return -1; + argv->argc = 0; for (i=0;i<count;i++) { if (camel_file_util_decode_uint32(fp, &argv->argv[argv->argc].tag) == -1) |