From 25d5f6251d040ee5e6c4dc88f6adf5dae85e2c5d Mon Sep 17 00:00:00 2001 From: Jeffrey Stedfast Date: Thu, 11 Mar 2004 21:24:20 +0000 Subject: Sanity check that count is <1024 and also use g_try_malloc so that we can 2004-03-11 Jeffrey Stedfast * camel-object.c (cobject_state_read): Sanity check that count is <1024 and also use g_try_malloc so that we can recover if malloc fails. svn path=/trunk/; revision=25036 --- camel/ChangeLog | 7 +++++++ camel/camel-object.c | 8 +++++--- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/camel/ChangeLog b/camel/ChangeLog index 5a8c3949c7..d75244005b 100644 --- a/camel/ChangeLog +++ b/camel/ChangeLog @@ -1,3 +1,9 @@ +2004-03-11 Jeffrey Stedfast + + * camel-object.c (cobject_state_read): Sanity check that count is + <1024 and also use g_try_malloc so that we can recover if malloc + fails. + 2004-03-11 Not Zed * providers/imap/camel-imap-store.c (no_such_folder): removed @@ -62,6 +68,7 @@ * camel-store.h: time to fix up the camelfolderinfo mess. fix some member names, and add some type fields. Fixed all uses. +>>>>>>> 1.2033 2004-03-04 Not Zed ** See bug #53355. diff --git a/camel/camel-object.c b/camel/camel-object.c index 2af07e15e2..4875774652 100644 --- a/camel/camel-object.c +++ b/camel/camel-object.c @@ -434,13 +434,15 @@ cobject_state_read(CamelObject *obj, FILE *fp) CamelArgV *argv; if (camel_file_util_decode_uint32(fp, &count) == -1 - || count == 0) { + || count == 0 || count > 1024) { /* maybe it was just version 0 afterall */ return 0; } - + /* we batch up the properties and set them in one go */ - argv = g_malloc(sizeof(*argv) + (count - CAMEL_ARGV_MAX) * sizeof(argv->argv[0])); + if (!(argv = g_try_malloc (sizeof (*argv) + (count - CAMEL_ARGV_MAX) * sizeof (argv->argv[0])))) + return -1; + argv->argc = 0; for (i=0;iargv[argv->argc].tag) == -1) -- cgit