|
20 | 20 |
|
21 | 21 | #include <bson/bson-compat.h> |
22 | 22 | #include <bson/bson-config.h> |
| 23 | +#include <bson/bson-cmp.h> |
23 | 24 | #include <bson/bson-string.h> |
24 | 25 | #include <bson/bson-memory.h> |
25 | 26 | #include <bson/bson-utf8.h> |
@@ -61,16 +62,25 @@ bson_string_t * |
61 | 62 | bson_string_new (const char *str) /* IN */ |
62 | 63 | { |
63 | 64 | bson_string_t *ret; |
| 65 | + size_t len_sz; |
64 | 66 |
|
65 | 67 | ret = bson_malloc0 (sizeof *ret); |
66 | | - ret->len = str ? (int) strlen (str) : 0; |
| 68 | + if (str) { |
| 69 | + len_sz = strlen (str); |
| 70 | + BSON_ASSERT (len_sz <= UINT32_MAX); |
| 71 | + ret->len = (uint32_t) len_sz; |
| 72 | + } else { |
| 73 | + ret->len = 0; |
| 74 | + } |
67 | 75 | ret->alloc = ret->len + 1; |
68 | 76 |
|
69 | 77 | if (!bson_is_power_of_two (ret->alloc)) { |
70 | | - ret->alloc = (uint32_t) bson_next_power_of_two ((size_t) ret->alloc); |
| 78 | + len_sz = bson_next_power_of_two ((size_t) ret->alloc); |
| 79 | + BSON_ASSERT (len_sz <= UINT32_MAX); |
| 80 | + ret->alloc = (uint32_t) len_sz; |
71 | 81 | } |
72 | 82 |
|
73 | | - BSON_ASSERT (ret->alloc >= 1); |
| 83 | + BSON_ASSERT (ret->alloc >= ret->len + 1); |
74 | 84 |
|
75 | 85 | ret->str = bson_malloc (ret->alloc); |
76 | 86 |
|
@@ -126,17 +136,24 @@ bson_string_append (bson_string_t *string, /* IN */ |
126 | 136 | const char *str) /* IN */ |
127 | 137 | { |
128 | 138 | uint32_t len; |
| 139 | + size_t len_sz; |
129 | 140 |
|
130 | 141 | BSON_ASSERT (string); |
131 | 142 | BSON_ASSERT (str); |
132 | 143 |
|
133 | | - len = (uint32_t) strlen (str); |
| 144 | + len_sz = strlen (str); |
| 145 | + BSON_ASSERT (bson_in_range_unsigned (uint32_t, len_sz)); |
| 146 | + len = (uint32_t) len_sz; |
134 | 147 |
|
135 | 148 | if ((string->alloc - string->len - 1) < len) { |
| 149 | + BSON_ASSERT (string->alloc <= UINT32_MAX - len); |
136 | 150 | string->alloc += len; |
137 | 151 | if (!bson_is_power_of_two (string->alloc)) { |
138 | | - string->alloc = (uint32_t) bson_next_power_of_two ((size_t) string->alloc); |
| 152 | + len_sz = bson_next_power_of_two ((size_t) string->alloc); |
| 153 | + BSON_ASSERT (len_sz <= UINT32_MAX); |
| 154 | + string->alloc = (uint32_t) len_sz; |
139 | 155 | } |
| 156 | + BSON_ASSERT (string->alloc >= string->len + len); |
140 | 157 | string->str = bson_realloc (string->str, string->alloc); |
141 | 158 | } |
142 | 159 |
|
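Review bot: The bound added on new line 70, `BSON_ASSERT (len_sz <= UINT32_MAX)`, still admits len_sz == UINT32_MAX, and the next statement `ret->alloc = ret->len + 1` is evaluated in uint32_t, so alloc wraps to 0 in exactly that case; the new invariant on line 83, `BSON_ASSERT (ret->alloc >= ret->len + 1)`, wraps the same way on its right-hand side and passes, so the terminator byte is never accounted for. Tightening the check to `BSON_ASSERT (len_sz < UINT32_MAX)` closes the gap, and writing the invariant in size_t, `BSON_ASSERT ((size_t) ret->alloc >= (size_t) ret->len + 1u)`, keeps the check itself from wrapping. For consistency with the `bson_in_range_unsigned (uint32_t, len_sz)` form introduced in bson_string_append on line 145, the same helper could be used here instead of the open-coded comparison. The rest of bson_string_new, including the copy into ret->str, lies outside the hunk, so whether any later step catches a zero alloc cannot be confirmed from here.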
|