From: Kurt Zeilenga <kurt@openldap.org>
Date: Sat, 22 Sep 2001 03:18:02 +0000 (+0000)
Subject: Fix an off by one bug which could cause a realloced buffer to be
X-Git-Tag: LDBM_PRE_GIANT_RWLOCK~1074
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=6cc6a187dab057f10e15732ccacef07a7a8c036e;p=openldap

Fix an off by one bug which could cause a realloced buffer to be
too small.  Changed extra size algorithm to use a much simplier
approach and detailed non-optimized version.
---

diff --git a/libraries/liblber/io.c b/libraries/liblber/io.c
index e5aae6d46e..b54f828cdc 100644
--- a/libraries/liblber/io.c
+++ b/libraries/liblber/io.c
@@ -34,8 +34,6 @@
 
 #include "lber-int.h"
 
-#define LBER_EXBUFSIZ	1024
-
 static ber_slen_t
 BerRead(
 	Sockbuf *sb,
@@ -123,20 +121,32 @@ ber_write(
 int
 ber_realloc( BerElement *ber, ber_len_t len )
 {
-	ber_len_t	need, have, total;
+	ber_len_t	total;
 	Seqorset	*s;
 	long		off;
 	char		*oldbuf;
 
 	assert( ber != NULL );
 	assert( len > 0 );
-
 	assert( LBER_VALID( ber ) );
 
 	total = ber_pvt_ber_total( ber );
-	have = total / LBER_EXBUFSIZ;
-	need = len < LBER_EXBUFSIZ ? 1 : (len + (LBER_EXBUFSIZ - 1)) / LBER_EXBUFSIZ;
-	total = have * LBER_EXBUFSIZ + need * LBER_EXBUFSIZ;
+
+#define LBER_EXBUFSIZ	1000 /* a few words less than 2^N for binary buddy */
+#if defined( LBER_EXBUFSIZ ) && LBER_EXBUFSIZ > 0
+# ifndef notdef
+	/* don't realloc by small amounts */
+	total += len < LBER_EXBUFSIZ ? LBER_EXBUFSIZ : len;
+# else
+	{	/* not sure what value this adds */
+		ber_len_t have = (total + (LBER_EXBUFSIZE - 1)) / LBER_EXBUFSIZ;
+		ber_len_t need = (len + (LBER_EXBUFSIZ - 1)) / LBER_EXBUFSIZ;
+		total = ( have + need ) * LBER_EXBUFSIZ;
+	}
+# endif
+#else
+	total += len;	/* realloc just what's needed */
+#endif
 
 	oldbuf = ber->ber_buf;