diff options
author | 2016-01-22 09:54:02 -0800 | |
---|---|---|
committer | 2016-01-22 09:54:02 -0800 | |
commit | b1ec345ff80b9f77ff385ed6b7edc0b5940aa2fb (patch) | |
tree | 775be41caa70a28a8359f3da2dd6c3ae7b4ad4fb | |
parent | 6cc7eb47142dcad1cf277ccf31c38fc53746e45e (diff) | |
download | paludis-b1ec345ff80b9f77ff385ed6b7edc0b5940aa2fb.tar.gz paludis-b1ec345ff80b9f77ff385ed6b7edc0b5940aa2fb.tar.xz |
util: use `resize` instead of `reserve`
Although `reserve` should be sufficient, it is technically incorrect as per the
spec. The result of `data` is only valid for the range [data(), data() +
size()]. However, given that a `resize` will not adjust the size of the vector,
the valid range for the data pointer will be the previous capacity, potentially
resulting in a heap corruption.
Thanks to Freundlich for pointing this out.
-rw-r--r-- | paludis/util/persona.cc | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/paludis/util/persona.cc b/paludis/util/persona.cc index 817ea960b..3964356cf 100644 --- a/paludis/util/persona.cc +++ b/paludis/util/persona.cc @@ -75,10 +75,10 @@ namespace paludis length = initial_buffer_size<_SC_GETPW_R_SIZE_MAX>("accounts.getpw_r_size"); - for (buffer.reserve(length); + for (buffer.resize(length); (rv = ::getpwnam_r(name, &pwd, buffer.data(), buffer.capacity(), &result)) == ERANGE; - buffer.reserve(length)) + buffer.resize(length)) length = length * 2; return rv; @@ -95,10 +95,10 @@ namespace paludis length = initial_buffer_size<_SC_GETGR_R_SIZE_MAX>("accounts.getgr_r_size"); - for (buffer.reserve(length); + for (buffer.resize(length); (rv = ::getgrgid_r(gid, &grp, buffer.data(), buffer.capacity(), &result)) == ERANGE; - buffer.reserve(length)) + buffer.resize(length)) length = length * 2; return rv; @@ -115,10 +115,10 @@ namespace paludis length = initial_buffer_size<_SC_GETPW_R_SIZE_MAX>("accounts.getpw_r_size"); - for (buffer.reserve(length); + for (buffer.resize(length); (rv = ::getpwuid_r(uid, &pwd, buffer.data(), buffer.capacity(), &result)) == ERANGE; - buffer.reserve(length)) + buffer.resize(length)) length = length * 2; return rv; |