Skip to content

Commit d41623e

Browse files
radaretrufae
radare
authored and
trufae
committed
Check the vec reserve before emplacing it back ##crash
1 parent 78e83bb commit d41623e

File tree

1 file changed

+18
-6
lines changed

1 file changed

+18
-6
lines changed

libr/include/r_vec.h

Lines changed: 18 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -331,7 +331,9 @@ extern "C" {
331331
const ut64 capacity = R_VEC_CAPACITY (vec); \
332332
if (R_UNLIKELY (num_elems == capacity)) { \
333333
const ut64 new_capacity = capacity == 0 ? 8 : capacity * 2; \
334-
R_VEC_FUNC(vec_type, reserve) (vec, new_capacity); \
334+
if (!R_VEC_FUNC(vec_type, reserve) (vec, new_capacity)) { \
335+
return; \
336+
} \
335337
} \
336338
*vec->_end = *value; \
337339
vec->_end++; \
@@ -342,7 +344,9 @@ extern "C" {
342344
const ut64 capacity = R_VEC_CAPACITY (vec); \
343345
if (R_UNLIKELY (num_elems == capacity)) { \
344346
const ut64 new_capacity = capacity == 0 ? 8 : capacity * 2; \
345-
R_VEC_FUNC(vec_type, reserve) (vec, new_capacity); \
347+
if (!R_VEC_FUNC(vec_type, reserve) (vec, new_capacity)) { \
348+
return NULL; \
349+
} \
346350
} \
347351
type *ptr = vec->_end; \
348352
vec->_end++; \
@@ -354,7 +358,9 @@ extern "C" {
354358
const ut64 capacity = R_VEC_CAPACITY (vec); \
355359
if (R_UNLIKELY (num_elems == capacity)) { \
356360
const ut64 new_capacity = capacity == 0 ? 8 : capacity * 2; \
357-
R_VEC_FUNC(vec_type, reserve) (vec, new_capacity); \
361+
if (!R_VEC_FUNC(vec_type, reserve) (vec, new_capacity)) { \
362+
return; \
363+
} \
358364
} \
359365
memmove (vec->_start + 1, vec->_start, num_elems * sizeof (type)); \
360366
*vec->_start = *value; \
@@ -366,7 +372,9 @@ extern "C" {
366372
const ut64 capacity = R_VEC_CAPACITY (vec); \
367373
if (R_UNLIKELY (num_elems == capacity)) { \
368374
const ut64 new_capacity = capacity == 0 ? 8 : capacity * 2; \
369-
R_VEC_FUNC(vec_type, reserve) (vec, new_capacity); \
375+
if (!R_VEC_FUNC(vec_type, reserve) (vec, new_capacity)) { \
376+
return NULL; \
377+
} \
370378
} \
371379
memmove (vec->_start + 1, vec->_start, num_elems * sizeof (type)); \
372380
vec->_end++; \
@@ -379,13 +387,17 @@ extern "C" {
379387
const ut64 num_values = R_VEC_FUNC(vec_type, length) (values); \
380388
const ut64 total_count = num_elems + num_values; \
381389
if (total_count > capacity) { \
382-
R_VEC_FUNC(vec_type, reserve) (vec, total_count); \
390+
if (!R_VEC_FUNC(vec_type, reserve) (vec, total_count)) { \
391+
return; \
392+
} \
383393
} \
384394
if (copy_fn) { \
385395
type const *src; \
386396
R_VEC_FOREACH (values, src) { \
387397
type *dst = R_VEC_FUNC(vec_type, emplace_back) (vec); \
388-
copy_fn (dst, src); \
398+
if (dst) { \
399+
copy_fn (dst, src); \
400+
} \
389401
} \
390402
} else { \
391403
memcpy (vec->_end, values->_start, num_values * sizeof (type)); \

0 commit comments

Comments
 (0)