22 lines
849 B
Diff
22 lines
849 B
Diff
diff -ur kdelibs-4.2.98/kjs/collector.cpp kdelibs-4.2.98-cve-2009-1687/kjs/collector.cpp
|
|
--- kdelibs-4.2.98/kjs/collector.cpp 2009-04-30 20:02:44.000000000 +0200
|
|
+++ kdelibs-4.2.98-cve-2009-1687/kjs/collector.cpp 2009-07-26 03:52:44.000000000 +0200
|
|
@@ -31,6 +31,7 @@
|
|
#include "value.h"
|
|
|
|
#include <setjmp.h>
|
|
+#include <limits.h>
|
|
#include <algorithm>
|
|
|
|
#if PLATFORM(DARWIN)
|
|
@@ -109,6 +110,9 @@
|
|
|
|
void append(CollectorBlock* block) {
|
|
if (m_used == m_capacity) {
|
|
+ static const size_t maxNumBlocks = ULONG_MAX / sizeof(CollectorBlock*) / GROWTH_FACTOR;
|
|
+ if (m_capacity > maxNumBlocks)
|
|
+ CRASH();
|
|
m_capacity = max(MIN_ARRAY_SIZE, m_capacity * GROWTH_FACTOR);
|
|
m_data = static_cast<CollectorBlock **>(fastRealloc(m_data, m_capacity * sizeof(CollectorBlock *)));
|
|
}
|