On 07/14/2017 12:42 PM, Frediano Ziglio wrote:
It can happen that new_size, although double the previous
io.size is still not big enough.
Signed-off-by: Uri Lublin <uril@xxxxxxxxxx>
---
vdagent/imagepng.cpp | 3 +++
1 file changed, 3 insertions(+)
diff --git a/vdagent/imagepng.cpp b/vdagent/imagepng.cpp
index 7108675..de0eb2f 100644
--- a/vdagent/imagepng.cpp
+++ b/vdagent/imagepng.cpp
@@ -61,6 +61,9 @@ static void write_to_bufio(png_structp png, png_bytep in,
png_size_t size)
if (io.pos + size >= io.size) {
io.allocated = true;
uint32_t new_size = io.size ? io.size * 2 : 4096;
+ while (io.pos + size >= new_size) {
+ new_size *= 2;
+ }
uint8_t *p = (uint8_t*) realloc(io.buf, new_size);
if (!p)
png_error(png, "out of memory");
As a fix to a not merged patch I think should be squashed in the other one.
OK.
Also I think the check should be "io.pos + size > new_size" (same change on the if
above).
It should be safe.
Not sure how this change affects performance (probably negligible):
- removing '=' from outer loop can save a call to realloc
- removing '=' from inner loop -- next write will cause another realloc.
on the other hand if there is no next write, it's better.
Uri.
_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/spice-devel