From 33e60e8e78543462d31e8c6a7c3577ffe18b6647 Mon Sep 17 00:00:00 2001 From: tpearson Date: Wed, 29 Sep 2010 05:15:51 +0000 Subject: Critical security patches for the following vulnerabilities: CVE-2009-0689 CVE-2009-1687 CVE-2009-1690 CVE-2009-1698 CVE-2009-2702 git-svn-id: svn://anonsvn.kde.org/home/kde/branches/trinity/kdelibs@1180823 283d02a7-25f6-0310-bc7c-ecb5cbfe19da --- khtml/css/css_valueimpl.cpp | 4 +- khtml/css/cssparser.cpp | 11 ++- khtml/html/AlwaysInline.h | 49 ++++++++++ khtml/html/Platform.h | 218 ++++++++++++++++++++++++++++++++++++++++++++ khtml/html/RefPtr.h | 202 ++++++++++++++++++++++++++++++++++++++++ khtml/html/htmlparser.cpp | 10 +- khtml/html/htmlparser.h | 3 +- kio/kssl/kopenssl.cc | 7 ++ kio/kssl/kopenssl.h | 5 + kio/kssl/ksslcertificate.cc | 4 +- kjs/collector.cpp | 4 + 11 files changed, 507 insertions(+), 10 deletions(-) create mode 100644 khtml/html/AlwaysInline.h create mode 100644 khtml/html/Platform.h create mode 100644 khtml/html/RefPtr.h diff --git a/khtml/css/css_valueimpl.cpp b/khtml/css/css_valueimpl.cpp index 73a53d5d2..52e962725 100644 --- a/khtml/css/css_valueimpl.cpp +++ b/khtml/css/css_valueimpl.cpp @@ -736,7 +736,9 @@ DOM::DOMString CSSPrimitiveValueImpl::cssText() const text = getValueName(m_value.ident); break; case CSSPrimitiveValue::CSS_ATTR: - // ### + text = "attr("; + text += DOMString( m_value.string ); + text += ")"; break; case CSSPrimitiveValue::CSS_COUNTER: text = "counter("; diff --git a/khtml/css/cssparser.cpp b/khtml/css/cssparser.cpp index 23eeb69a9..d167af025 100644 --- a/khtml/css/cssparser.cpp +++ b/khtml/css/cssparser.cpp 
@@ -1351,6 +1351,14 @@ bool CSSParser::parseContent( int propId, bool important ) if ( args->size() != 1) return false; Value *a = args->current(); + if (a->unit != CSSPrimitiveValue::CSS_IDENT) { + isValid=false; + break; + } + if (qString(a->string)[0] == '-') { + isValid=false; + break; + } parsedValue = new CSSPrimitiveValueImpl(domString(a->string), CSSPrimitiveValue::CSS_ATTR); } else @@ -1403,7 +1411,8 @@ CSSValueImpl* CSSParser::parseCounterContent(ValueList *args, bool counters) CounterImpl *counter = new CounterImpl; Value *i = args->current(); -// if (i->unit != CSSPrimitiveValue::CSS_IDENT) goto invalid; + if (i->unit != CSSPrimitiveValue::CSS_IDENT) goto invalid; + if (qString(i->string)[0] == '-') goto invalid; counter->m_identifier = domString(i->string); if (counters) { i = args->next(); diff --git a/khtml/html/AlwaysInline.h b/khtml/html/AlwaysInline.h new file mode 100644 index 000000000..71fe82928 --- /dev/null +++ b/khtml/html/AlwaysInline.h 
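Review bot: The two checks added on `a` in parseContent() (unit must be CSS_IDENT, first character must not be '-') have no comment explaining them, and the same pair is repeated on `i` in the parseCounterContent() hunk that follows. The order matters: the string member is presumably only meaningful once the unit says the value is an identifier, which looks like the type confusion behind one of the CVEs named in the subject. I would add `// attr() takes one identifier; check the unit before reading a->string, which is only valid for string-typed values` above the first check, and a matching line in parseCounterContent(). Both functions start and end outside their hunks.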
@@ -0,0 +1,49 @@ +/* + * Copyright (C) 2005, 2007 Apple Inc. All rights reserved. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Library General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Library General Public License for more details. + * + * You should have received a copy of the GNU Library General Public License + * along with this library; see the file COPYING.LIB. If not, write to + * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + * Boston, MA 02110-1301, USA. + * + */ + +#include "html/Platform.h" + + +#ifndef ALWAYS_INLINE +#if COMPILER(GCC) && defined(NDEBUG) && __GNUC__ > 3 +#define ALWAYS_INLINE inline __attribute__ ((__always_inline__)) +#elif COMPILER(MSVC) && defined(NDEBUG) +#define ALWAYS_INLINE __forceinline +#else +#define ALWAYS_INLINE inline +#endif +#endif + +#ifndef ALWAYS_INLINE_INTO +#if COMPILER(GCC) && defined(NDEBUG) && ((__GNUC__ == 4 && __GNUC_MINOR__ >= 1) || __GNUC__ > 4) +#define ALWAYS_INLINE_INTO __attribute__ ((__flatten__)) +#else +#define ALWAYS_INLINE_INTO +#endif +#endif + + +#ifndef NEVER_INLINE +#if COMPILER(GCC) && __GNUC__ > 3 +#define NEVER_INLINE __attribute__ ((__noinline__)) +#else +#define NEVER_INLINE +#endif +#endif diff --git a/khtml/html/Platform.h b/khtml/html/Platform.h new file mode 100644 index 000000000..3cdd7177b --- /dev/null +++ b/khtml/html/Platform.h 
@@ -0,0 +1,218 @@ +/* -*- mode: c++; c-basic-offset: 4 -*- */ +/* + * Copyright (C) 2006 Apple Computer, Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE COMPUTER, INC. OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY + * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef WTF_Platform_h +#define WTF_Platform_h + +/* Force KDE build here in our tree... 
*/ +#ifndef BUILDING_KDE__ +#define BUILDING_KDE__ 1 +#endif + +/* PLATFORM handles OS, operating environment, graphics API, and CPU */ +#define PLATFORM(WTF_FEATURE) (defined( WTF_PLATFORM_##WTF_FEATURE ) && WTF_PLATFORM_##WTF_FEATURE) +#define COMPILER(WTF_FEATURE) (defined( WTF_COMPILER_##WTF_FEATURE ) && WTF_COMPILER_##WTF_FEATURE) +#define HAVE(WTF_FEATURE) (defined( HAVE_##WTF_FEATURE ) && HAVE_##WTF_FEATURE) +#define USE(WTF_FEATURE) (defined( WTF_USE_##WTF_FEATURE ) && WTF_USE_##WTF_FEATURE) +#define ENABLE(WTF_FEATURE) (defined( ENABLE_##WTF_FEATURE ) && ENABLE_##WTF_FEATURE) + +/* Operating systems - low-level dependencies */ + +/* PLATFORM(DARWIN) */ +/* Operating system level dependencies for Mac OS X / Darwin that should */ +/* be used regardless of operating environment */ +#ifdef __APPLE__ +#define WTF_PLATFORM_DARWIN 1 +#endif + +/* PLATFORM(WIN_OS) */ +/* Operating system level dependencies for Windows that should be used */ +/* regardless of operating environment */ +#if defined(WIN32) || defined(_WIN32) +#define WTF_PLATFORM_WIN_OS 1 +#endif + +/* PLATFORM(UNIX) */ +/* Operating system level dependencies for Unix-like systems that */ +/* should be used regardless of operating environment */ +/* (includes PLATFORM(DARWIN)) */ +#if defined(__APPLE__) \ + || defined(unix) \ + || defined(__unix) \ + || defined(__unix__) \ + || defined (__NetBSD__) \ + || defined(_AIX) +#define WTF_PLATFORM_UNIX 1 +#endif + +/* PLATFORM(SOLARIS_OS) */ +/* Operating system level dependencies for Sun (Open)Solaris 10. */ +/* Studio 12 on Solaris defines __SunOS; gcc defines __sun__; */ +/* Both compilers define __sun and sun. 
*/ +#if defined(__sun) || defined(sun) +#define WTF_PLATFORM_SOLARIS_OS 1 +#endif + +/* Operating environments */ + +/* I made the BUILDING_KDE__ macro up for the KDE build system to define */ + +/* PLATFORM(KDE) */ +/* PLATFORM(MAC) */ +/* PLATFORM(WIN) */ +#if BUILDING_KDE__ +#define WTF_PLATFORM_KDE 1 +#elif PLATFORM(DARWIN) +#define WTF_PLATFORM_MAC 1 +#elif PLATFORM(WIN_OS) +#define WTF_PLATFORM_WIN 1 +#endif +#if defined(BUILDING_GDK__) +#define WTF_PLATFORM_GDK 1 +#endif + + +/* CPU */ + +/* PLATFORM(PPC) */ +#if defined(__ppc__) \ + || defined(__PPC__) \ + || defined(__powerpc__) \ + || defined(__powerpc) \ + || defined(__POWERPC__) \ + || defined(_M_PPC) \ + || defined(__PPC) +#define WTF_PLATFORM_PPC 1 +#define WTF_PLATFORM_BIG_ENDIAN 1 +#endif + +/* PLATFORM(PPC64) */ +#if defined(__ppc64__) \ + || defined(__PPC64__) +#define WTF_PLATFORM_PPC64 1 +#define WTF_PLATFORM_BIG_ENDIAN 1 +#endif + +#if defined(arm) +#define WTF_PLATFORM_ARM 1 +#if defined(__ARMEB__) +#define WTF_PLATFORM_BIG_ENDIAN 1 +#elif !defined(__ARM_EABI__) && !defined(__ARMEB__) +#define WTF_PLATFORM_MIDDLE_ENDIAN 1 +#endif +#if !defined(__ARM_EABI__) +#define WTF_PLATFORM_FORCE_PACK 1 +#endif +#endif + +/* PLATFORM(X86) */ +#if defined(__i386__) \ + || defined(i386) \ + || defined(_M_IX86) \ + || defined(_X86_) \ + || defined(__THW_INTEL) +#define WTF_PLATFORM_X86 1 +#endif + +/* PLATFORM(X86_64) */ +#if defined(__x86_64__) \ + || defined(__ia64__) +#define WTF_PLATFORM_X86_64 1 +#endif + +/* PLATFORM(SPARC) */ +#if defined(sparc) +#define WTF_PLATFORM_SPARC 1 +#endif + +/* Compiler */ + +/* COMPILER(CWP) */ +#if defined(__MWERKS__) +#define WTF_COMPILER_CWP 1 +#endif + +/* COMPILER(MSVC) */ +#if defined(_MSC_VER) +#define WTF_COMPILER_MSVC 1 +#endif + +/* COMPILER(GCC) */ +#if defined(__GNUC__) +#define WTF_COMPILER_GCC 1 +#endif + +/* COMPILER(SUNPRO) */ +#if defined(__SUNPRO_CC) +#define WTF_COMPILER_SUNPRO 1 +#endif + +/* COMPILER(BORLAND) */ +/* not really fully supported - is this 
relevant any more? */ +#if defined(__BORLANDC__) +#define WTF_COMPILER_BORLAND 1 +#endif + +/* COMPILER(CYGWIN) */ +/* not really fully supported - is this relevant any more? */ +#if defined(__CYGWIN__) +#define WTF_COMPILER_CYGWIN 1 +#endif + +/* multiple threads only supported on Mac for now */ +#if PLATFORM(MAC) +#ifndef WTF_USE_MULTIPLE_THREADS +#define WTF_USE_MULTIPLE_THREADS 1 +#endif +#ifndef WTF_USE_BINDINGS +#define WTF_USE_BINDINGS 1 +#endif +#endif + +/* for Unicode, KDE uses Qt, everything else uses ICU */ +#if PLATFORM(KDE) || PLATFORM(QT) +#define WTF_USE_QT4_UNICODE 1 +#elif PLATFORM(SYMBIAN) +#define WTF_USE_SYMBIAN_UNICODE 1 +#else +#define WTF_USE_ICU_UNICODE 1 +#endif + +#if PLATFORM(MAC) +#define WTF_PLATFORM_CF 1 +#endif + +#if PLATFORM(WIN) +#define WTF_USE_WININET 1 +#endif + +#if PLATFORM(GDK) +#define WTF_USE_CURL 1 +#endif + +/* ENABLE macro defaults */ + +#endif /* WTF_Platform_h */ diff --git a/khtml/html/RefPtr.h b/khtml/html/RefPtr.h new file mode 100644 index 000000000..8754bbf94 --- /dev/null +++ b/khtml/html/RefPtr.h 
@@ -0,0 +1,202 @@ +// -*- mode: c++; c-basic-offset: 4 -*- +/* + * Copyright (C) 2005, 2006, 2007, 2008 Apple Inc. All rights reserved. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Library General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Library General Public License for more details. + * + * You should have received a copy of the GNU Library General Public License + * along with this library; see the file COPYING.LIB. If not, write to + * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + * Boston, MA 02110-1301, USA. + * + */ + +#ifndef WTF_RefPtr_h +#define WTF_RefPtr_h + +#include +#include "AlwaysInline.h" + +namespace WTF { + + enum PlacementNewAdoptType { PlacementNewAdopt }; + + template class PassRefPtr; + + enum HashTableDeletedValueType { HashTableDeletedValue }; + + template class RefPtr { + public: + RefPtr() : m_ptr(0) { } + RefPtr(T* ptr) : m_ptr(ptr) { if (ptr) ptr->ref(); } + RefPtr(const RefPtr& o) : m_ptr(o.m_ptr) { if (T* ptr = m_ptr) ptr->ref(); } + // see comment in PassRefPtr.h for why this takes const reference + template RefPtr(const PassRefPtr&); + + // Special constructor for cases where we overwrite an object in place. + RefPtr(PlacementNewAdoptType) { } + + // Hash table deleted values, which are only constructed and never copied or destroyed. 
+ RefPtr(HashTableDeletedValueType) : m_ptr(hashTableDeletedValue()) { } + bool isHashTableDeletedValue() const { return m_ptr == hashTableDeletedValue(); } + + ~RefPtr() { if (T* ptr = m_ptr) ptr->deref(); } + + template RefPtr(const RefPtr& o) : m_ptr(o.get()) { if (T* ptr = m_ptr) ptr->ref(); } + + T* get() const { return m_ptr; } + + void clear() { if (T* ptr = m_ptr) ptr->deref(); m_ptr = 0; } + PassRefPtr release() { PassRefPtr tmp = adoptRef(m_ptr); m_ptr = 0; return tmp; } + + T& operator*() const { return *m_ptr; } + ALWAYS_INLINE T* operator->() const { return m_ptr; } + + bool operator!() const { return !m_ptr; } + + // This conversion operator allows implicit conversion to bool but not to other integer types. + typedef T* RefPtr::*UnspecifiedBoolType; + operator UnspecifiedBoolType() const { return m_ptr ? &RefPtr::m_ptr : 0; } + + RefPtr& operator=(const RefPtr&); + RefPtr& operator=(T*); + RefPtr& operator=(const PassRefPtr&); + template RefPtr& operator=(const RefPtr&); + template RefPtr& operator=(const PassRefPtr&); + + void swap(RefPtr&); + + private: + static T* hashTableDeletedValue() { return reinterpret_cast(-1); } + + T* m_ptr; + }; + + template template inline RefPtr::RefPtr(const PassRefPtr& o) + : m_ptr(o.releaseRef()) + { + } + + template inline RefPtr& RefPtr::operator=(const RefPtr& o) + { + T* optr = o.get(); + if (optr) + optr->ref(); + T* ptr = m_ptr; + m_ptr = optr; + if (ptr) + ptr->deref(); + return *this; + } + + template template inline RefPtr& RefPtr::operator=(const RefPtr& o) + { + T* optr = o.get(); + if (optr) + optr->ref(); + T* ptr = m_ptr; + m_ptr = optr; + if (ptr) + ptr->deref(); + return *this; + } + + template inline RefPtr& RefPtr::operator=(T* optr) + { + if (optr) + optr->ref(); + T* ptr = m_ptr; + m_ptr = optr; + if (ptr) + ptr->deref(); + return *this; + } + + template inline RefPtr& RefPtr::operator=(const PassRefPtr& o) + { + T* ptr = m_ptr; + m_ptr = o.releaseRef(); + if (ptr) + ptr->deref(); + return *this; 
+ } + + template template inline RefPtr& RefPtr::operator=(const PassRefPtr& o) + { + T* ptr = m_ptr; + m_ptr = o.releaseRef(); + if (ptr) + ptr->deref(); + return *this; + } + + template inline void RefPtr::swap(RefPtr& o) + { + std::swap(m_ptr, o.m_ptr); + } + + template inline void swap(RefPtr& a, RefPtr& b) + { + a.swap(b); + } + + template inline bool operator==(const RefPtr& a, const RefPtr& b) + { + return a.get() == b.get(); + } + + template inline bool operator==(const RefPtr& a, U* b) + { + return a.get() == b; + } + + template inline bool operator==(T* a, const RefPtr& b) + { + return a == b.get(); + } + + template inline bool operator!=(const RefPtr& a, const RefPtr& b) + { + return a.get() != b.get(); + } + + template inline bool operator!=(const RefPtr& a, U* b) + { + return a.get() != b; + } + + template inline bool operator!=(T* a, const RefPtr& b) + { + return a != b.get(); + } + + template inline RefPtr static_pointer_cast(const RefPtr& p) + { + return RefPtr(static_cast(p.get())); + } + + template inline RefPtr const_pointer_cast(const RefPtr& p) + { + return RefPtr(const_cast(p.get())); + } + + template inline T* getPtr(const RefPtr& p) + { + return p.get(); + } + +} // namespace WTF + +using WTF::RefPtr; +using WTF::static_pointer_cast; +using WTF::const_pointer_cast; + +#endif // WTF_RefPtr_h diff --git a/khtml/html/htmlparser.cpp b/khtml/html/htmlparser.cpp index 703186689..9da99f4b3 100644 --- a/khtml/html/htmlparser.cpp +++ b/khtml/html/htmlparser.cpp @@ -195,7 +195,6 @@ void KHTMLParser::reset() form = 0; map = 0; - head = 0; end = false; isindex = 0; @@ -612,8 +611,7 @@ bool KHTMLParser::insertNode(NodeImpl *n, bool flat) case ID_BASE: if(!head) { head = new HTMLHeadElementImpl(document); - e = head; - insertNode(e); + insertNode(head.get()); handled = true; } break; 
@@ -835,7 +833,7 @@ NodeImpl *KHTMLParser::getElement(Token* t) case ID_HEAD: if(!head && current->id() == ID_HTML) { head = new HTMLHeadElementImpl(document); - n = head; + n = head.get(); } break; case ID_BODY: @@ -1684,12 +1682,12 @@ void KHTMLParser::createHead() head = new HTMLHeadElementImpl(document); HTMLElementImpl *body = doc()->body(); int exceptioncode = 0; - doc()->firstChild()->insertBefore(head, body, exceptioncode); + doc()->firstChild()->insertBefore(head.get(), body, exceptioncode); if ( exceptioncode ) { #ifdef PARSER_DEBUG kdDebug( 6035 ) << "creation of head failed!!!!" << endl; #endif - delete head; + delete head.get(); head = 0; } } diff --git a/khtml/html/htmlparser.h b/khtml/html/htmlparser.h index ea1db2ee0..d0ce549ef 100644 --- a/khtml/html/htmlparser.h +++ b/khtml/html/htmlparser.h @@ -42,6 +42,7 @@ #include "dom/dom_string.h" #include "xml/dom_nodeimpl.h" #include "html/html_documentimpl.h" +#include "html/RefPtr.h" class KHTMLView; class HTMLStackElem; @@ -148,7 +149,7 @@ private: /* * the head element. Needed for crappy html which defines after */ - DOM::HTMLHeadElementImpl *head; + RefPtr head; /* * a possible element in the head. Compatibility hack for diff --git a/kio/kssl/kopenssl.cc b/kio/kssl/kopenssl.cc index ababf37a0..70d36cd8e 100644 --- a/kio/kssl/kopenssl.cc +++ b/kio/kssl/kopenssl.cc @@ -201,6 +201,7 @@ static int (*K_X509_NAME_add_entry_by_txt)(X509_NAME*, char*, int, unsigned char static X509_NAME *(*K_X509_NAME_new)() = 0L; static int (*K_X509_REQ_set_subject_name)(X509_REQ*,X509_NAME*) = 0L; static unsigned char *(*K_ASN1_STRING_data)(ASN1_STRING*) = 0L; +static int (*K_ASN1_STRING_length)(ASN1_STRING*) = 0L; static STACK_OF(SSL_CIPHER) *(*K_SSL_get_ciphers)(const SSL *ssl) = 0L; #endif 
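Review bot: In createHead()'s error path, `delete head.get();` destroys the element while the RefPtr still holds a reference to it, and the following `head = 0;` goes through `RefPtr::operator=(T*)`, which calls `deref()` on the old pointer, that is, on memory that was just freed. Now that `head` is a RefPtr the explicit delete should go: `head = 0;` alone drops the reference and presumably lets the element be destroyed when nothing else holds it. The earlier reset() hunk in this file also removes `head = 0;`; if reset() can run on a parser that has already created a head, the old element stays referenced and the `if(!head)` branches will not create a new one, so that is worth confirming. createHead() starts outside the hunk.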
@@ -504,6 +505,7 @@ KConfig *cfg; K_X509_NAME_new = (X509_NAME *(*)()) _cryptoLib->symbol("X509_NAME_new"); K_X509_REQ_set_subject_name = (int (*)(X509_REQ*,X509_NAME*)) _cryptoLib->symbol("X509_REQ_set_subject_name"); K_ASN1_STRING_data = (unsigned char *(*)(ASN1_STRING*)) _cryptoLib->symbol("ASN1_STRING_data"); + K_ASN1_STRING_length = (int (*)(ASN1_STRING*)) _cryptoLib->symbol("ASN1_STRING_length"); #endif } @@ -1561,6 +1563,11 @@ unsigned char *KOpenSSLProxy::ASN1_STRING_data(ASN1_STRING *x) { return 0L; } +int KOpenSSLProxy::ASN1_STRING_length(ASN1_STRING *x) { + if (K_ASN1_STRING_length) return (K_ASN1_STRING_length)(x); + return 0L; +} + STACK_OF(SSL_CIPHER) *KOpenSSLProxy::SSL_get_ciphers(const SSL* ssl) { if (K_SSL_get_ciphers) return (K_SSL_get_ciphers)(ssl); return 0L; diff --git a/kio/kssl/kopenssl.h b/kio/kssl/kopenssl.h index e4f6de0e8..24130807a 100644 --- a/kio/kssl/kopenssl.h +++ b/kio/kssl/kopenssl.h @@ -633,6 +633,11 @@ public: */ unsigned char *ASN1_STRING_data(ASN1_STRING *x); + /* + * ASN1_STRING_length + */ + int ASN1_STRING_length(ASN1_STRING *x); + /* * */ diff --git a/kio/kssl/ksslcertificate.cc b/kio/kssl/ksslcertificate.cc index 73a8451ca..285bb1d2d 100644 --- a/kio/kssl/ksslcertificate.cc +++ b/kio/kssl/ksslcertificate.cc @@ -1113,7 +1113,9 @@ TQStringList KSSLCertificate::subjAltNames() const { } TQString s = (const char *)d->kossl->ASN1_STRING_data(val->d.ia5); - if (!s.isEmpty()) { + if (!s.isEmpty() && + /* skip subjectAltNames with embedded NULs */ + s.length() == d->kossl->ASN1_STRING_length(val->d.ia5)) { rc += s; } } diff --git a/kjs/collector.cpp b/kjs/collector.cpp index 62d594329..b8d233850 100644 --- a/kjs/collector.cpp +++ b/kjs/collector.cpp @@ -23,6 +23,7 @@ #include "value.h" #include "internal.h" +#include #ifndef MAX #define MAX(a,b) ((a) > (b) ? (a) : (b)) 
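Review bot: KOpenSSLProxy::ASN1_STRING_length() returns 0 when the symbol was not resolved, which a caller cannot tell apart from a genuinely empty string, and the comment added in kopenssl.h only repeats the function name. Document the fallback where callers will read it, for example `/* ASN1_STRING_length - length in bytes of x's data; returns 0 if the crypto library did not provide the symbol */`. The function returns `int`, so `return 0;` reads better than `return 0L;`.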
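Review bot: The embedded-NUL check in subjAltNames() still builds `s` from a C string first, so it depends on the ASN1 buffer being NUL-terminated, and it compares an unsigned `s.length()` with the `int` returned by ASN1_STRING_length(). Reading the length once into a local and comparing explicitly makes both points visible: `const int len = d->kossl->ASN1_STRING_length(val->d.ia5);` then `if (!s.isEmpty() && len > 0 && s.length() == (unsigned int)len)`. When the length symbol is unavailable the proxy in kopenssl.cc returns 0, so every non-empty name is dropped; that fails closed, but it deserves a comment at this check. The function continues outside the hunk.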
@@ -119,6 +120,9 @@ void* Collector::allocate(size_t s) // didn't find one, need to allocate a new block if (heap.usedBlocks == heap.numBlocks) { + static const size_t maxNumBlocks = ULONG_MAX / sizeof(CollectorBlock*) / GROWTH_FACTOR; + if (heap.numBlocks > maxNumBlocks) + return 0L; heap.numBlocks = MAX(MIN_ARRAY_SIZE, heap.numBlocks * GROWTH_FACTOR); heap.blocks = (CollectorBlock **)realloc(heap.blocks, heap.numBlocks * sizeof(CollectorBlock *)); } -- cgit v1.2.1
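Review bot: The new overflow guard in Collector::allocate() returns a null pointer, and nothing visible in the hunk shows that callers check for it; if allocate() backs an `operator new`, object construction would proceed on a null address. It would be safer to fail hard at this point (abort) or to confirm that every caller tests the result. The bound also uses `ULONG_MAX`, which assumes `size_t` is as wide as `unsigned long`; `static const size_t maxNumBlocks = ((size_t)-1) / sizeof(CollectorBlock*) / GROWTH_FACTOR;` states the intent without that assumption. The `realloc()` result on the context line below is still assigned unchecked, so a failed grow loses the old block array. allocate() starts and ends outside the hunk.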