Fixed overflow if ngx_slab_alloc() is called with very big "size" argument.

2025-06-08 02:02:38 +08:00 · 2012-08-30 15:09:21 +00:00 · 2012-08-30 15:09:21 +00:00 · 9d6d33a561
commit 9d6d33a561
parent d469482cda
1 changed files with 2 additions and 2 deletions
--- a/src/core/ngx_slab.c
+++ b/src/core/ngx_slab.c
@ -162,8 +162,8 @@ ngx_slab_alloc_locked(ngx_slab_pool_t *pool, size_t size)
        ngx_log_debug1(NGX_LOG_DEBUG_ALLOC, ngx_cycle->log, 0,
                       "slab alloc: %uz", size);
-        page = ngx_slab_alloc_pages(pool, (size + ngx_pagesize - 1)
+        page = ngx_slab_alloc_pages(pool, (size >> ngx_pagesize_shift)
-                                          >> ngx_pagesize_shift);
+                                          + ((size % ngx_pagesize) ? 1 : 0));
        if (page) {
            p = (page - pool->pages) << ngx_pagesize_shift;
            p += (uintptr_t) pool->start;