mirror of
https://git.proxmox.com/git/mirror_frr
synced 2025-08-05 10:08:41 +00:00
bgpd: Ensure we do integer size promotions
When doing multiplication of (int) * (uint_8t) we can have overflow and end up in a weird state. Intentionally upgrade the type then do the math. Signed-off-by: Donald Sharp <sharpd@nvidia.com>
This commit is contained in:
parent
f12296baac
commit
8da920d3c0
@ -265,7 +265,8 @@ struct ecommunity *ecommunity_dup(struct ecommunity *ecom)
|
||||
if (new->size) {
|
||||
new->val = XMALLOC(MTYPE_ECOMMUNITY_VAL,
|
||||
ecom->size * ecom->unit_size);
|
||||
memcpy(new->val, ecom->val, ecom->size * ecom->unit_size);
|
||||
memcpy(new->val, ecom->val,
|
||||
(size_t)ecom->size * (size_t)ecom->unit_size);
|
||||
} else
|
||||
new->val = NULL;
|
||||
return new;
|
||||
@ -285,18 +286,16 @@ struct ecommunity *ecommunity_merge(struct ecommunity *ecom1,
|
||||
struct ecommunity *ecom2)
|
||||
{
|
||||
if (ecom1->val)
|
||||
ecom1->val =
|
||||
XREALLOC(MTYPE_ECOMMUNITY_VAL, ecom1->val,
|
||||
(ecom1->size + ecom2->size) *
|
||||
ecom1->unit_size);
|
||||
ecom1->val = XREALLOC(MTYPE_ECOMMUNITY_VAL, ecom1->val,
|
||||
(size_t)(ecom1->size + ecom2->size)
|
||||
* (size_t)ecom1->unit_size);
|
||||
else
|
||||
ecom1->val =
|
||||
XMALLOC(MTYPE_ECOMMUNITY_VAL,
|
||||
(ecom1->size + ecom2->size) *
|
||||
ecom1->unit_size);
|
||||
ecom1->val = XMALLOC(MTYPE_ECOMMUNITY_VAL,
|
||||
(size_t)(ecom1->size + ecom2->size)
|
||||
* (size_t)ecom1->unit_size);
|
||||
|
||||
memcpy(ecom1->val + (ecom1->size * ecom1->unit_size), ecom2->val,
|
||||
ecom2->size * ecom1->unit_size);
|
||||
(size_t)ecom2->size * (size_t)ecom1->unit_size);
|
||||
ecom1->size += ecom2->size;
|
||||
|
||||
return ecom1;
|
||||
|
Loading…
Reference in New Issue
Block a user