changeset 4829:40de49cf6b37
Fixed overflow if ngx_slab_alloc() is called with very big "size" argument.
author | Ruslan Ermilov <ru@nginx.com> |
---|---|
date | Thu, 30 Aug 2012 15:09:21 +0000 |
parents | f57154322e0e |
children | 2c863b4a8f93 |
files | src/core/ngx_slab.c |
diffstat | 1 files changed, 2 insertions(+), 2 deletions(-) |
--- a/src/core/ngx_slab.c Thu Aug 30 14:58:11 2012 +0000 +++ b/src/core/ngx_slab.c Thu Aug 30 15:09:21 2012 +0000 @@ -162,8 +162,8 @@ ngx_log_debug1(NGX_LOG_DEBUG_ALLOC, ngx_cycle->log, 0, "slab alloc: %uz", size); - page = ngx_slab_alloc_pages(pool, (size + ngx_pagesize - 1) - >> ngx_pagesize_shift); + page = ngx_slab_alloc_pages(pool, (size >> ngx_pagesize_shift) + + ((size % ngx_pagesize) ? 1 : 0)); if (page) { p = (page - pool->pages) << ngx_pagesize_shift; p += (uintptr_t) pool->start;
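Review bot: The rewritten page-count argument to ngx_slab_alloc_pages() carries no comment explaining why the round-up is split into a shift plus a remainder test, so a later cleanup could fold it back into the removed form, (size + ngx_pagesize - 1) >> ngx_pagesize_shift, where the addition wraps for a size near the top of its range and yields a page count far too small. A one-line comment above the call stating that would protect the fix. With a very big size the computed page count is still very large, so the change relies on ngx_slab_alloc_pages() returning NULL for a request the pool cannot satisfy, which the following if (page) check then handles; that function is outside this hunk and worth confirming. Minor style point: size % ngx_pagesize could be written as size & (ngx_pagesize - 1) to match the shift-based arithmetic beside it, assuming ngx_pagesize always equals 1 << ngx_pagesize_shift.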