Prevents incremental +1 tallocs, and the original
idea of this array was that it wasn't freed for
io efficiency reasons. Add paranoia integer wrap
protection also.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14301
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
if (array_len <= fsp->num_aio_requests) {
struct tevent_req **tmp;
+ if (fsp->num_aio_requests + 10 < 10) {
+ /* Integer wrap. */
+ TALLOC_FREE(lnk);
+ return false;
+ }
+
+ /*
+ * Allocate in blocks of 10 so we don't allocate
+ * on every aio request.
+ */
tmp = talloc_realloc(
fsp, fsp->aio_requests, struct tevent_req *,
- fsp->num_aio_requests+1);
+ fsp->num_aio_requests+10);
if (tmp == NULL) {
TALLOC_FREE(lnk);
return false;