Actual allocation size is computed as (count + 1)*sizeof(meta_keys), so
we need to check that (count + 1) won't cause overflow.
From cfc0f5a099284c95476d5c020dca05fb743ff5ae Mon Sep 17 00:00:00 2001
From: Sergey Volk
Date: Wed, 7 Sep 2016 14:05:35 -0700
Subject: [PATCH] Fix potential integer overf
I just realized that count+1 itself might overflow if count==UINT_MAX, so I
guess it's better to subtract 1 from the right-hand side. Attached updated
patch.
On Wed, Sep 7, 2016 at 2:21 PM, Sergey Volk wrote:
> Actual allocation size is computed as (count + 1)*sizeof(meta_keys), so
> we need to
On Wed, Sep 07, 2016 at 02:38:48PM -0700, Sergey Volk wrote:
> I just realized that count+1 itself might overflow if count==UINT_MAX, so I
> guess it's better to subtract 1 from the right-hand side. Attached updated
> patch.
>
> On Wed, Sep 7, 2016 at 2:21 PM, Sergey Volk wrote:
>
> > Actual all
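
Added example, not part of the thread or the attached patch: a C sketch of the two guards the messages discuss, showing that a check written on `count + 1` passes when `count == UINT_MAX`, while the form with 1 subtracted from the right-hand side rejects it. The `meta_key` type, the function names and the `UINT_MAX` size bound are assumptions made for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical element type standing in for the entries of meta_keys. */
typedef struct { char *name; } meta_key;

/* Assumed bound: the byte size must fit in an unsigned int. */
#define MAX_ELEMS (UINT_MAX / sizeof(meta_key))

/* Size as the thread describes it: count + 1 is evaluated in unsigned
 * arithmetic, so it wraps to 0 before the multiplication. */
size_t alloc_size(unsigned count)
{
    return (count + 1) * sizeof(meta_key);
}

/* First form: the guard itself computes count + 1, which wraps. */
int naive_rejects(unsigned count)
{
    return count + 1 >= MAX_ELEMS;
}

/* Updated form: 1 is subtracted on the right, no arithmetic on count. */
int safe_rejects(unsigned count)
{
    return count >= MAX_ELEMS - 1;
}

/* Allocate count + 1 zeroed entries, or return NULL if the size would overflow. */
meta_key *alloc_keys(unsigned count)
{
    if (safe_rejects(count))
        return NULL;
    return calloc((size_t)count + 1, sizeof(meta_key));
}

int main(void)
{
    unsigned c = UINT_MAX;
    printf("count=%u size=%zu naive_rejects=%d safe_rejects=%d\n",
           c, alloc_size(c), naive_rejects(c), safe_rejects(c));
    return 0;
}
```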