diff options
| author | jln@chromium.org <jln@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-01-16 23:03:55 +0000 |
|---|---|---|
| committer | jln@chromium.org <jln@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-01-16 23:03:55 +0000 |
| commit | 4ab35b3b7ffdc39112de53dd57f9b0c56bd7f352 (patch) | |
| tree | 2094bcee6440ab9ed802caea7600384a20d1b06e /third_party/tcmalloc | |
| parent | bd4380a58a06e0614264c071fbb5a3e4d18ac0d2 (diff) | |
| download | chromium_src-4ab35b3b7ffdc39112de53dd57f9b0c56bd7f352.zip chromium_src-4ab35b3b7ffdc39112de53dd57f9b0c56bd7f352.tar.gz chromium_src-4ab35b3b7ffdc39112de53dd57f9b0c56bd7f352.tar.bz2 | |
TCMalloc: explicitly prevent int overflow.
NOTRY=true
Review URL: https://chromiumcodereview.appspot.com/11956020
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@177248 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'third_party/tcmalloc')
| -rw-r--r-- | third_party/tcmalloc/chromium/src/tcmalloc.cc | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/third_party/tcmalloc/chromium/src/tcmalloc.cc b/third_party/tcmalloc/chromium/src/tcmalloc.cc index 591c687..48e71c2 100644 --- a/third_party/tcmalloc/chromium/src/tcmalloc.cc +++ b/third_party/tcmalloc/chromium/src/tcmalloc.cc @@ -140,6 +140,7 @@ #undef small using STL_NAMESPACE::max; +using STL_NAMESPACE::min; using STL_NAMESPACE::numeric_limits; using STL_NAMESPACE::vector; @@ -1247,7 +1248,9 @@ inline void* do_realloc_with_callback( // . If we need to grow, grow to max(new_size, old_size * 1.X) // . Don't shrink unless new_size < old_size * 0.Y // X and Y trade-off time for wasted space. For now we do 1.25 and 0.5. - const size_t lower_bound_to_grow = old_size + old_size / 4; + const size_t min_growth = min(old_size / 4, + (std::numeric_limits<size_t>::max)() - old_size); // Avoid overflow. + const size_t lower_bound_to_grow = old_size + min_growth; const size_t upper_bound_to_shrink = old_size / 2; if ((new_size > old_size) || (new_size < upper_bound_to_shrink)) { // Need to reallocate. |