authorEmmanuele Bassi <ebassi@gnome.org>2018-07-03 15:55:24 +0100
committerEmmanuele Bassi <ebassi@gnome.org>2018-07-09 10:11:42 +0100
commit61ca2e4c8503762006eea18a6316e3b151d0bf92 (patch)
tree9cf326b4514f1da05ac6919bbd0e17c988d09d14 /glib
parent7c4ac58938187a431db0651e383dda6e098cff07 (diff)
Check for overflow when allocating RcBox
Since we're over-allocating the passed block size, we need to check that we're not overflowing gsize when computing the actual allocation size.
Diffstat (limited to 'glib')
-rw-r--r--glib/garcbox.c3
-rw-r--r--glib/grcbox.c10
-rw-r--r--glib/grcboxprivate.h1
3 files changed, 9 insertions, 5 deletions
diff --git a/glib/garcbox.c b/glib/garcbox.c
index 4182e986e..25c806ef7 100644
--- a/glib/garcbox.c
+++ b/glib/garcbox.c
@@ -18,10 +18,9 @@
#include "config.h"
-#include "grcbox.h"
+#include "grcboxprivate.h"
#include "gmessages.h"
-#include "grcboxprivate.h"
#include "grefcount.h"
#ifdef ENABLE_VALGRIND
diff --git a/glib/grcbox.c b/glib/grcbox.c
index 5a4d87424..0629c1279 100644
--- a/glib/grcbox.c
+++ b/glib/grcbox.c
@@ -18,11 +18,11 @@
#include "config.h"
-#include "grcbox.h"
+#include "grcboxprivate.h"
#include "gmessages.h"
-#include "grcboxprivate.h"
#include "grefcount.h"
+#include "gtestutils.h"
#ifdef ENABLE_VALGRIND
#include "valgrind.h"
@@ -173,9 +173,12 @@ g_rc_box_alloc_full (gsize block_size,
{
/* sizeof GArcBox == sizeof GRcBox */
gsize private_size = G_ARC_BOX_SIZE;
- gsize real_size = private_size + block_size;
+ gsize real_size;
char *allocated;
+ g_assert (block_size < (G_MAXSIZE - G_ARC_BOX_SIZE));
+ real_size = private_size + block_size;
+
#ifdef ENABLE_VALGRIND
if (RUNNING_ON_VALGRIND)
{
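Review bot: The overflow guard added before `real_size = private_size + block_size` is a `g_assert`, which is compiled out when GLib is built with `G_DISABLE_ASSERT`. In such a build an oversized `block_size` still wraps `real_size` and the box is under-allocated. Because this bounds an allocation size, the check should be unconditional, for example `if (block_size >= G_MAXSIZE - private_size) g_error ("%s: overflow computing allocation size", G_STRLOC);`. Comparing against `private_size` rather than `G_ARC_BOX_SIZE` also ties the check to the value actually added. The same concern applies to the assertion in the Valgrind branch in the next hunk, and the body of g_rc_box_alloc_full continues outside this hunk.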
@@ -185,6 +188,7 @@ g_rc_box_alloc_full (gsize block_size,
* Valgrind to keep track of the over-allocation and not be
* confused when passing the pointer around
*/
+ g_assert (private_size < (G_MAXSIZE - ALIGN_STRUCT (1)));
private_size += ALIGN_STRUCT (1);
if (clear)
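Review bot: The assertion added in the Valgrind branch tests only `private_size`, which at this point still holds the constant `G_ARC_BOX_SIZE`. It therefore cannot fail in practice and says nothing about the caller-supplied `block_size`. `real_size` was computed in the previous hunk from the pre-increment `private_size`, so if the rest of this branch (outside the hunk) requests more than `real_size` bytes, that larger sum is the one that needs bounding. Consider re-checking after the increment with `g_assert (block_size < (G_MAXSIZE - private_size));` widened by whatever the branch appends, and add a comment such as `/* private_size grows here; the allocation below must still fit in gsize */`.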
diff --git a/glib/grcboxprivate.h b/glib/grcboxprivate.h
index 6599e4d4a..7504d9d95 100644
--- a/glib/grcboxprivate.h
+++ b/glib/grcboxprivate.h
@@ -1,6 +1,7 @@
#pragma once
#include "gtypes.h"
+#include "grcbox.h"
G_BEGIN_DECLS