From 33bcf76950431de0c5db8edca2994dec419e1baa Mon Sep 17 00:00:00 2001 From: Armin Novak Date: Thu, 19 Feb 2026 11:53:25 +0100 Subject: [PATCH] [winpr,collections] fix Queue and MessageQueue EnsureCapacity was nulling the wrong elements, this commit rectifies that. --- .../libwinpr/utils/collections/MessageQueue.c | 12 +++++-- winpr/libwinpr/utils/collections/Queue.c | 31 +++++++++++++------ 2 files changed, 30 insertions(+), 13 deletions(-) diff --git a/winpr/libwinpr/utils/collections/MessageQueue.c b/winpr/libwinpr/utils/collections/MessageQueue.c index 95729cd6f..6f6474bd5 100644 --- a/winpr/libwinpr/utils/collections/MessageQueue.c +++ b/winpr/libwinpr/utils/collections/MessageQueue.c @@ -135,18 +135,24 @@ static BOOL MessageQueue_EnsureCapacity(wMessageQueue* queue, size_t count) size_t slots = new_capacity - old_capacity; const size_t batch = (tocopy < slots) ? tocopy : slots; CopyMemory(&(queue->array[old_capacity]), queue->array, batch * sizeof(wMessage)); - ZeroMemory(queue->array, batch * sizeof(wMessage)); /* Tail is decremented. if the whole thing is appended * just move the existing tail by old_capacity */ if (tocopy < slots) + { + ZeroMemory(queue->array, batch * sizeof(wMessage)); queue->tail += old_capacity; + } else { - const size_t movesize = (queue->tail - batch) * sizeof(wMessage); + const size_t remain = queue->tail - batch; + const size_t movesize = remain * sizeof(wMessage); memmove_s(queue->array, queue->tail * sizeof(wMessage), &queue->array[batch], movesize); - ZeroMemory(&queue->array[batch], movesize); + + const size_t zerooffset = remain; + const size_t zerosize = (queue->tail - remain) * sizeof(wMessage); + ZeroMemory(&queue->array[zerooffset], zerosize); queue->tail -= batch; } } diff --git a/winpr/libwinpr/utils/collections/Queue.c b/winpr/libwinpr/utils/collections/Queue.c index 61ba477d7..c487ff173 100644 --- a/winpr/libwinpr/utils/collections/Queue.c +++ b/winpr/libwinpr/utils/collections/Queue.c 
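Review bot: In the `else` branch, `zerosize` is computed as `(queue->tail - remain) * sizeof(wMessage)`, which is simply `batch * sizeof(wMessage)` because `remain` is `queue->tail - batch`; the round trip hides which slots are being cleared. Writing it as `ZeroMemory(&queue->array[remain], batch * sizeof(wMessage));` with a comment such as `/* clear the batch slots left stale behind the compacted prefix */` states the invariant directly and removes two locals. The same expression appears in the second Queue.c hunk with `sizeof(uintptr_t)`. Separately, the return value of `memmove_s` on the unchanged line above is ignored, so a rejected move would still be followed by the zeroing and the `queue->tail -= batch` adjustment. The enclosing function starts and ends outside this hunk.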
@@ -188,18 +188,23 @@ BOOL Queue_Contains(wQueue* queue, const void* obj) static BOOL Queue_EnsureCapacity(wQueue* queue, size_t count) { + const size_t blocksize = 32ull; WINPR_ASSERT(queue); - if (queue->size + count > queue->capacity) + if (queue->growthFactor > SIZE_MAX / blocksize) + return FALSE; + + const size_t increment = blocksize * queue->growthFactor; + if (queue->size > SIZE_MAX - count) + return FALSE; + + const size_t required = queue->size + count; + if (required > queue->capacity) { - if (queue->growthFactor > SIZE_MAX / 32ull) - return FALSE; - if (queue->size > SIZE_MAX - count) + const size_t old_capacity = queue->capacity; + if (required > SIZE_MAX - increment) return FALSE; - const size_t increment = 32ull * queue->growthFactor; - const size_t old_capacity = queue->capacity; - const size_t required = queue->size + count; const size_t new_capacity = required + increment - required % increment; if (new_capacity > SIZE_MAX / sizeof(BYTE*)) return FALSE; @@ -222,18 +227,24 @@ static BOOL Queue_EnsureCapacity(wQueue* queue, size_t count) const size_t batch = (tocopy < slots) ? tocopy : slots; CopyMemory(&(queue->array[old_capacity]), queue->array, batch * sizeof(uintptr_t)); - ZeroMemory(queue->array, batch * sizeof(uintptr_t)); /* Tail is decremented. if the whole thing is appended * just move the existing tail by old_capacity */ if (tocopy < slots) + { + ZeroMemory(queue->array, batch * sizeof(uintptr_t)); queue->tail += old_capacity; + } else { - const size_t movesize = (queue->tail - batch) * sizeof(uintptr_t); + const size_t remain = queue->tail - batch; + const size_t movesize = remain * sizeof(uintptr_t); memmove_s(queue->array, queue->tail * sizeof(uintptr_t), &queue->array[batch], movesize); - ZeroMemory(&queue->array[batch], movesize); + + const size_t zerooffset = remain; + const size_t zerosize = (queue->tail - remain) * sizeof(uintptr_t); + ZeroMemory(&queue->array[zerooffset], zerosize); queue->tail -= batch; } }
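Review bot: `required % increment` is a modulo by zero (undefined behaviour) if `queue->growthFactor` is 0, because the guard moved to the top of the function only rejects values above `SIZE_MAX / blocksize`. The field is assigned outside this hunk, so the constructor may already guarantee a non-zero factor; if that is not enforced there, extend the check to `if ((queue->growthFactor == 0) || (queue->growthFactor > SIZE_MAX / blocksize)) return FALSE;`. The function body continues past the end of the hunk.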
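Review bot: The corrected `else` branch (`tocopy >= slots`) gets no regression test in this patch; the diffstat lists only MessageQueue.c and Queue.c. That branch is only reached when the growth adds fewer slots than the wrapped `tail`, so a test needs an initial capacity and growth factor chosen to make `new_capacity - old_capacity` small, then a wrapped queue that is grown and drained while checking every element comes back once and in order. Running that test under AddressSanitizer would also catch any remaining out-of-range `ZeroMemory` or `memmove_s` in this index arithmetic. The hunk starts mid-function, and the same test shape applies to the MessageQueue.c hunk.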