From 33e60e8e78543462d31e8c6a7c3577ffe18b6647 Mon Sep 17 00:00:00 2001
From: tpearson <tpearson@283d02a7-25f6-0310-bc7c-ecb5cbfe19da>
Date: Wed, 29 Sep 2010 05:15:51 +0000
Subject: Critical security patches for the following vulnerabilities:
 CVE-2009-0689 CVE-2009-1687 CVE-2009-1690 CVE-2009-1698 CVE-2009-2702

git-svn-id: svn://anonsvn.kde.org/home/kde/branches/trinity/kdelibs@1180823 283d02a7-25f6-0310-bc7c-ecb5cbfe19da
---
 kjs/collector.cpp | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'kjs')

diff --git a/kjs/collector.cpp b/kjs/collector.cpp
index 62d594329..b8d233850 100644
--- a/kjs/collector.cpp
+++ b/kjs/collector.cpp
@@ -23,6 +23,7 @@
 
 #include "value.h"
 #include "internal.h"
+#include <limits.h>
 
 #ifndef MAX
 #define MAX(a,b) ((a) > (b) ? (a) : (b))
@@ -119,6 +120,9 @@ void* Collector::allocate(size_t s)
     // didn't find one, need to allocate a new block
 
     if (heap.usedBlocks == heap.numBlocks) {
+      static const size_t maxNumBlocks = ULONG_MAX / sizeof(CollectorBlock*) / GROWTH_FACTOR;
+      if (heap.numBlocks > maxNumBlocks)
+          return 0L;
       heap.numBlocks = MAX(MIN_ARRAY_SIZE, heap.numBlocks * GROWTH_FACTOR);
       heap.blocks = (CollectorBlock **)realloc(heap.blocks, heap.numBlocks * sizeof(CollectorBlock *));
     }
-- 
cgit v1.2.1