Check for value overlow in buffer.cc

http://b/issue?id=2106717 Review URL: http://codereview.chromium.org/194059 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@25804 0039d316-1c4b-4281-b951-d872f2087c98
author: gman@google.com <gman@google.com@0039d316-1c4b-4281-b951-d872f2087c98> 2009-09-09 22:45:05 +0000
committer: gman@google.com <gman@google.com@0039d316-1c4b-4281-b951-d872f2087c98> 2009-09-09 22:45:05 +0000
commit: 672606d6d4197b45b4239249b53b4c386e26f5a7 (patch)
tree: e2cceda6ed7daa9b3795ec7970e03cb9248755e5 /o3d
parent: d3f665783018ad6832b224d108640a0be2b1f248 (diff)
download: chromium_src-672606d6d4197b45b4239249b53b4c386e26f5a7.zip
chromium_src-672606d6d4197b45b4239249b53b4c386e26f5a7.tar.gz
chromium_src-672606d6d4197b45b4239249b53b4c386e26f5a7.tar.bz2
1 files changed, 7 insertions, 0 deletions
diff --git a/o3d/core/cross/buffer.cc b/o3d/core/cross/buffer.cc
index 6847fc2..4c0071e 100644
--- a/o3d/core/cross/buffer.cc
+++ b/o3d/core/cross/buffer.cc
@@ -159,6 +159,13 @@ bool Buffer::AllocateElements(unsigned num_elements) {
   }
 
   size_t size_in_bytes = num_elements * stride_;
+  // Check for size_t overflow.
+  if (size_in_bytes / stride_ != num_elements) {
+    O3D_ERROR(service_locator())
+        << "Attempt to allocate too many elements for the current set of "
+        << "fields on buffer.";
+    return false;
+  }
 
   if (size_in_bytes == 0) {
     O3D_ERROR(service_locator())
author	gman@google.com <gman@google.com@0039d316-1c4b-4281-b951-d872f2087c98>	2009-09-09 22:45:05 +0000
committer	gman@google.com <gman@google.com@0039d316-1c4b-4281-b951-d872f2087c98>	2009-09-09 22:45:05 +0000
commit	672606d6d4197b45b4239249b53b4c386e26f5a7 (patch)
tree	e2cceda6ed7daa9b3795ec7970e03cb9248755e5 /o3d
parent	d3f665783018ad6832b224d108640a0be2b1f248 (diff)
download	chromium_src-672606d6d4197b45b4239249b53b4c386e26f5a7.zip chromium_src-672606d6d4197b45b4239249b53b4c386e26f5a7.tar.gz chromium_src-672606d6d4197b45b4239249b53b4c386e26f5a7.tar.bz2