changeset 4829:40de49cf6b37

Fixed overflow if ngx_slab_alloc() is called with very big "size" argument.
author Ruslan Ermilov <ru@nginx.com>
date Thu, 30 Aug 2012 15:09:21 +0000
parents f57154322e0e
children 2c863b4a8f93
files src/core/ngx_slab.c
diffstat 1 files changed, 2 insertions(+), 2 deletions(-) [+]
--- a/src/core/ngx_slab.c
+++ b/src/core/ngx_slab.c
@@ -162,8 +162,8 @@ ngx_slab_alloc_locked(ngx_slab_pool_t *p
         ngx_log_debug1(NGX_LOG_DEBUG_ALLOC, ngx_cycle->log, 0,
                        "slab alloc: %uz", size);
 
-        page = ngx_slab_alloc_pages(pool, (size + ngx_pagesize - 1)
-                                          >> ngx_pagesize_shift);
+        page = ngx_slab_alloc_pages(pool, (size >> ngx_pagesize_shift)
+                                          + ((size % ngx_pagesize) ? 1 : 0));
         if (page) {
             p = (page - pool->pages) << ngx_pagesize_shift;
             p += (uintptr_t) pool->start;
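Review bot: The new round-up passed to `ngx_slab_alloc_pages()` has no comment explaining why it avoids the usual `(size + ngx_pagesize - 1) >> ngx_pagesize_shift` form, so a later cleanup could easily restore the wrapping expression. With the old form, a `size` within `ngx_pagesize - 1` of the type's maximum wraps before the shift and yields a page count of zero, far smaller than the caller asked for. I would add above the call `/* round up without adding to size: size + ngx_pagesize - 1 wraps for very large size */`. As a style point, the expression mixes a shift with `%`; if `ngx_pagesize` is always a power of two, as the shift suggests, `size & (ngx_pagesize - 1)` would be more consistent. The enclosing function starts and ends outside the hunk, so any earlier bound on `size` is not visible here.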