From 9d4a9ea675bcc1ca144101d058804f4fed37e65d Mon Sep 17 00:00:00 2001
From: Miklos Szeredi
Date: Tue, 10 Jun 2008 18:31:55 +0000
Subject: Fix theoretical infinite loops in libfuse
---
 lib/fuse.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
(limited to 'lib/fuse.c')
diff --git a/lib/fuse.c b/lib/fuse.c
index 53326f3..519ef04 100644
--- a/lib/fuse.c
+++ b/lib/fuse.c
@@ -442,8 +442,12 @@ static char *add_name(char **buf, unsigned *bufsize, char *s, const char *name)
 unsigned newbufsize = *bufsize;
 char *newbuf;
- while (newbufsize < pathlen + len + 1)
- newbufsize *= 2;
+ while (newbufsize < pathlen + len + 1) {
+ if (newbufsize >= 0x80000000)
+ newbufsize = 0xffffffff;
+ else
+ newbufsize *= 2;
+ }
 newbuf = realloc(*buf, newbufsize);
 if (newbuf == NULL)
@@ -2364,8 +2368,12 @@ static int extend_contents(struct fuse_dh *dh, unsigned minsize)
 unsigned newsize = dh->size;
 if (!newsize)
 newsize = 1024;
- while (newsize < minsize)
- newsize *= 2;
+ while (newsize < minsize) {
+ if (newsize >= 0x80000000)
+ newsize = 0xffffffff;
+ else
+ newsize *= 2;
+ }
 newptr = (char *) realloc(dh->contents, newsize);
 if (!newptr) {
-- cgit v1.2.3
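Review bot: The clamp in `add_name` ends the loop only if `pathlen + len + 1` is evaluated in 32-bit `unsigned`. The declarations of `pathlen` and `len` are outside the hunk, but if either is a `size_t` on a 64-bit build, the sum can exceed `0xffffffff` and the loop spins forever with `newbufsize` pinned at the clamp. A check at the top of the loop body such as `if (newbufsize == 0xffffffff) return NULL;` would make termination unconditional, assuming NULL is the failure return, as the `realloc` check below suggests (its body is not visible). The loop also never exits when `*bufsize` is 0, because doubling zero stays zero; `extend_contents` guards that case with `if (!newsize) newsize = 1024;`, but nothing equivalent is visible here.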
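Review bot: The literals `0x80000000` and `0xffffffff` in `extend_contents` (and the identical pair in `add_name`) hard-code the assumption that `unsigned` is exactly 32 bits wide. Writing the test as `if (newsize > UINT_MAX / 2) newsize = UINT_MAX; else newsize *= 2;` gives the same saturation from `<limits.h>` without that assumption. A short comment above the test, for example `/* doubling would wrap to 0 and never reach minsize; saturate instead */`, would record why the clamp exists. The function starts and ends outside the hunk.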