Fix out-of-bounds write

This commit is contained in:
Gael Guennebaud 2014-12-11 16:12:15 +01:00
parent 19e16fe15f
commit d0c3fcd382

View File

@ -69,7 +69,7 @@ class AmbiVector
delete[] m_buffer; delete[] m_buffer;
if (size<1000) if (size<1000)
{ {
Index allocSize = (size * sizeof(ListEl))/sizeof(Scalar); Index allocSize = (size * sizeof(ListEl) + sizeof(Scalar) - 1)/sizeof(Scalar);
m_allocatedElements = (allocSize*sizeof(Scalar))/sizeof(ListEl); m_allocatedElements = (allocSize*sizeof(Scalar))/sizeof(ListEl);
m_buffer = new Scalar[allocSize]; m_buffer = new Scalar[allocSize];
} }
@ -88,7 +88,7 @@ class AmbiVector
Index copyElements = m_allocatedElements; Index copyElements = m_allocatedElements;
m_allocatedElements = (std::min)(Index(m_allocatedElements*1.5),m_size); m_allocatedElements = (std::min)(Index(m_allocatedElements*1.5),m_size);
Index allocSize = m_allocatedElements * sizeof(ListEl); Index allocSize = m_allocatedElements * sizeof(ListEl);
allocSize = allocSize/sizeof(Scalar) + (allocSize%sizeof(Scalar)>0?1:0); allocSize = (allocSize + sizeof(Scalar) - 1)/sizeof(Scalar);
Scalar* newBuffer = new Scalar[allocSize]; Scalar* newBuffer = new Scalar[allocSize];
memcpy(newBuffer, m_buffer, copyElements * sizeof(ListEl)); memcpy(newBuffer, m_buffer, copyElements * sizeof(ListEl));
delete[] m_buffer; delete[] m_buffer;