CDRIVER-3592 check new buffer allocated size just before reallocating

rcsanchez97 · rcsanchez97 · commit 9449e3a4723b · 2020-03-30T12:24:42.000-04:00
diff --git a/src/libmongoc/src/mongoc/mongoc-buffer.c b/src/libmongoc/src/mongoc/mongoc-buffer.c
@@ -134,14 +134,14 @@ _mongoc_buffer_append (mongoc_buffer_t *buffer,
    BSON_ASSERT (data_size);
 
    BSON_ASSERT (buffer->datalen);
-   BSON_ASSERT ((buffer->datalen + data_size) < INT_MAX);
 
    if (!SPACE_FOR (buffer, data_size)) {
       if (buffer->len) {
          memmove (&buffer->data[0], buffer->data, buffer->len);
       }
 
       if (!SPACE_FOR (buffer, data_size)) {
+         BSON_ASSERT ((buffer->datalen + data_size) < INT_MAX);
          buffer->datalen = bson_next_power_of_two (data_size + buffer->len);
          buffer->data = (uint8_t *) buffer->realloc_func (
             buffer->data, buffer->datalen, NULL);
@@ -191,14 +191,14 @@ _mongoc_buffer_append_from_stream (mongoc_buffer_t *buffer,
    BSON_ASSERT (size);
 
    BSON_ASSERT (buffer->datalen);
-   BSON_ASSERT ((buffer->datalen + size) < INT_MAX);
 
    if (!SPACE_FOR (buffer, size)) {
       if (buffer->len) {
          memmove (&buffer->data[0], buffer->data, buffer->len);
       }
 
       if (!SPACE_FOR (buffer, size)) {
+         BSON_ASSERT ((buffer->datalen + size) < INT_MAX);
          buffer->datalen = bson_next_power_of_two (size + buffer->len);
          buffer->data = (uint8_t *) buffer->realloc_func (
             buffer->data, buffer->datalen, NULL);
@@ -330,9 +330,9 @@ _mongoc_buffer_try_append_from_stream (mongoc_buffer_t *buffer,
    BSON_ASSERT (size);
 
    BSON_ASSERT (buffer->datalen);
-   BSON_ASSERT ((buffer->datalen + size) < INT_MAX);
 
    if (!SPACE_FOR (buffer, size)) {
+      BSON_ASSERT ((buffer->datalen + size) < INT_MAX);
       buffer->datalen = bson_next_power_of_two (size + buffer->len);
       buffer->data =
          (uint8_t *) buffer->realloc_func (buffer->data, buffer->datalen, NULL);
