[dconf] dconf-reader: more robust bounds checking

[Ryan Lortie <ryanl src gnome org>]

commit 80e874da181bb27eeb21c11a7f80d2289aeb8259
Author: Ryan Lortie <desrt desrt ca>
Date:   Wed Aug 19 12:40:55 2009 -0400

    dconf-reader: more robust bounds checking

 dconf/dconf-reader.c |   24 +++++++++++++-----------
 1 files changed, 13 insertions(+), 11 deletions(-)
---
diff --git a/dconf/dconf-reader.c b/dconf/dconf-reader.c
index b0fc17f..b57cd45 100644
--- a/dconf/dconf-reader.c
+++ b/dconf/dconf-reader.c
@@ -104,12 +104,18 @@ dconf_reader_ensure_valid (DConfReader *reader)
 }
 
 static gboolean
-dconf_reader_past_end (DConfReader         *reader,
-                       const volatile void *item)
+dconf_reader_range_ok (DConfReader         *reader,
+                       const volatile void *start,
+                       const volatile void *end)
 {
-  return item > reader->end;
+  return (const volatile void *) reader->data.blocks <= start &&
+         start <= end &&
+         end <= reader->end;
 }
 
+#define dconf_reader_index_ok(reader, array, index) \
+  (dconf_reader_range_ok (reader, &array[index], &array[index + 1]))
+
 static const volatile void *
 dconf_reader_get_chunk (DConfReader *reader,
                         guint32      index,
@@ -122,17 +128,13 @@ dconf_reader_get_chunk (DConfReader *reader,
   if (index < 4)
     return NULL;
 
-  header = &reader->data.blocks[index];
-
-  if (dconf_reader_past_end (reader, header) ||
-      dconf_reader_past_end (reader, header + 1))
+  if (!dconf_reader_index_ok (reader, reader->data.blocks, index))
     return NULL;
 
-  if (header->contents + header->size < header->contents)
-    /* size so big that it wraps the pointer value */
-    return NULL;
+  header = &reader->data.blocks[index];
 
-  if (dconf_reader_past_end (reader, header->contents + header->size))
+  if (!dconf_reader_range_ok (reader, header->contents,
+                              header->contents + header->size))
     return NULL;
 
   *size = header->size;