overflow-check ranges[] in imap_set_range()

amends 3d64f167.
Oswald Buddenhagen 2021-12-29 21:55:53 +01:00
parent 87c2ac1cc9
commit 6b22c837f6


@ -2819,6 +2819,8 @@ typedef struct {
int flags; int flags;
} imap_range_t; } imap_range_t;
#define MAX_RANGES 4
static void static void
imap_set_range( imap_range_t *ranges, uint *nranges, int low_flags, int high_flags, uint maxlow ) imap_set_range( imap_range_t *ranges, uint *nranges, int low_flags, int high_flags, uint maxlow )
{ {
@ -2830,6 +2832,8 @@ imap_set_range( imap_range_t *ranges, uint *nranges, int low_flags, int high_fla
continue; /* Range ends below split point; try next one. */ continue; /* Range ends below split point; try next one. */
if (ranges[r].last != maxlow) { if (ranges[r].last != maxlow) {
/* Range does not end exactly at split point; need to split. */ /* Range does not end exactly at split point; need to split. */
if (*nranges == MAX_RANGES)
oob();
memmove( &ranges[r + 1], &ranges[r], ((*nranges)++ - r) * sizeof(*ranges) ); memmove( &ranges[r + 1], &ranges[r], ((*nranges)++ - r) * sizeof(*ranges) );
ranges[r].last = maxlow; ranges[r].last = maxlow;
ranges[r + 1].first = maxlow + 1; ranges[r + 1].first = maxlow + 1;
@ -2883,7 +2887,7 @@ imap_load_box( store_t *gctx, uint minuid, uint maxuid, uint finduid, uint pairu
if (maxuid == UINT_MAX) if (maxuid == UINT_MAX)
maxuid = ctx->uidnext - 1; maxuid = ctx->uidnext - 1;
if (maxuid >= minuid) { if (maxuid >= minuid) {
imap_range_t ranges[4]; imap_range_t ranges[MAX_RANGES];
ranges[0].first = minuid; ranges[0].first = minuid;
ranges[0].last = maxuid; ranges[0].last = maxuid;
ranges[0].flags = 0; ranges[0].flags = 0;
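Review bot: The new guard in imap_set_range() compares with `==`, so it only catches a count that sits exactly at the limit; `if (*nranges >= MAX_RANGES)` would also stop the memmove() if the count were ever already past the array size. The function still receives `ranges` without a capacity argument, so the check is only correct while every caller declares the array as `ranges[MAX_RANGES]`, as imap_load_box() now does. A short comment on the `#define`, for example `/* capacity of every ranges[] array handed to imap_set_range() */`, would make that contract visible. The guard also depends on oob() never returning, which this page does not show and should be confirmed, since otherwise the write past the end still happens. Both function bodies continue outside the hunks shown.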