Differences From Artifact [922c94b804]:
- File src/OFCountedSet_hashtable.m — part of check-in [7e5c81e186] at 2018-01-03 19:49:46 on branch trunk — Update copyright notice (user: js, size: 4819)
To Artifact [de664a6849]:
- File src/OFCountedSet_hashtable.m — part of check-in [43a93d8a16] at 2018-03-10 20:19:34 on branch trunk — OFCountedSet: Improve deserialization
  This turns wrong values due to integer overflows or underflows into errors. (user: js, size: 5086)
︙ | ︙ | |||
133 134 135 136 137 138 139 | @throw [OFInvalidArgumentException exception]; for (OFXMLElement *objectElement in [element elementsForName: @"object" namespace: OF_SERIALIZATION_NS]) { void *pool2 = objc_autoreleasePoolPush(); OFXMLElement *object; | | > | > | | > | > > > > > > | 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 | @throw [OFInvalidArgumentException exception]; for (OFXMLElement *objectElement in [element elementsForName: @"object" namespace: OF_SERIALIZATION_NS]) { void *pool2 = objc_autoreleasePoolPush(); OFXMLElement *object; OFXMLAttribute *countAttribute; intmax_t signedCount; uintmax_t count; object = [[objectElement elementsForNamespace: OF_SERIALIZATION_NS] firstObject]; countAttribute = [objectElement attributeForName: @"count"]; if (object == nil || countAttribute == nil) @throw [OFInvalidFormatException exception]; signedCount = [[countAttribute stringValue] decimalValue]; if (signedCount < 0) @throw [OFOutOfRangeException exception]; count = signedCount; if (count > SIZE_MAX || count > UINTPTR_MAX) @throw [OFOutOfRangeException exception]; [_mapTable setObject: (void *)(uintptr_t)count forKey: [object objectByDeserializing]]; objc_autoreleasePoolPop(pool2); } |
︙ | ︙ |
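Review bot: The new lower-bound check `if (signedCount < 0)` still accepts a count of 0, so an `object` element with `count="0"` is stored in `_mapTable` with a zero count, which a counted set would normally treat as "not a member"; consider `signedCount <= 0` here unless zero-count entries are intended, and say so in a comment if they are. Two smaller points in the same block: `setObject:forKey:` is called once per `object` element, so input that repeats an equal object would have its earlier count replaced rather than summed or rejected, and the bounds checks only see what `decimalValue` returns, so a digit string too large for `intmax_t` is caught only if `decimalValue` itself reports the overflow, which is not visible in this hunk and is worth covering with a test.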