redo result buffer allocation, to avoid dynamic allocations:

-use exponentially growing buffer sizes instead of just linear extension -drop the dynamic allocation of buffer metadata introduced in rev.1.8 -- if the initial array is not sufficient something is wrong -apply some (arbitrary, heuristic) limit so that compressed data which extract into insane amounts of constant data don't kill the system This addresses PR kern/36864 by Wolfgang Stukenbrock. Some tuning might be useful, but hopefully this is an improvement already.
2011-02-18 22:02:09 +00:00 · 2011-02-18 22:02:09 +00:00 · 896d946a93
commit 896d946a93
parent e786622161
1 changed files with 9 additions and 24 deletions
--- a/sys/opencrypto/deflate.c
+++ b/sys/opencrypto/deflate.c
@ -1,4 +1,4 @@
-/*	$NetBSD: deflate.c,v 1.17 2011/02/18 10:50:56 drochner Exp $ */
+/*	$NetBSD: deflate.c,v 1.18 2011/02/18 22:02:09 drochner Exp $ */
 /*	$FreeBSD: src/sys/opencrypto/deflate.c,v 1.1.2.1 2002/11/21 23:34:23 sam Exp $	*/
 /* $OpenBSD: deflate.c,v 1.3 2001/08/20 02:45:22 hugh Exp $ */
@ -35,7 +35,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: deflate.c,v 1.17 2011/02/18 10:50:56 drochner Exp $");
+__KERNEL_RCSID(0, "$NetBSD: deflate.c,v 1.18 2011/02/18 22:02:09 drochner Exp $");
 #include <sys/types.h>
 #include <sys/malloc.h>
@ -79,16 +79,10 @@ deflate_global(u_int8_t *data, u_int32_t size, int decomp, u_int8_t **out)
 	u_int8_t *output;
 	u_int32_t count, result, tocopy;
 	int error, i, j;
-	struct deflate_buf *buf, *tmp;
+	struct deflate_buf buf[ZBUF];
 	size_t len;
 	DPRINTF(("deflate_global: size %d\n", size));
 	len = ZBUF;
 	buf = malloc(len*sizeof(struct deflate_buf), M_CRYPTO_DATA, M_NOWAIT);
 	if (buf == NULL)
 		return 0;
 	memset(&zbuf, 0, sizeof(z_stream));
 	zbuf.next_in = data;	/* data that is going to be processed */
 	zbuf.zalloc = ocf_zalloc;
@ -110,7 +104,7 @@ deflate_global(u_int8_t *data, u_int32_t size, int decomp, u_int8_t **out)
 	}
 	buf[0].out = malloc(buf[0].size, M_CRYPTO_DATA, M_NOWAIT);
 	if (buf[0].out == NULL)
-		goto bad3;
+		return 0;
 	i = 1;
 	zbuf.next_out = buf[0].out;
@ -142,21 +136,15 @@ deflate_global(u_int8_t *data, u_int32_t size, int decomp, u_int8_t **out)
 		else if (error != Z_OK)
 			goto bad;
 		else if (zbuf.avail_out == 0) {
 			if (i == len) {
 				len += ZBUF;
 				tmp = realloc(buf,len*sizeof(struct deflate_buf),
 							  M_CRYPTO_DATA, M_NOWAIT);
 				if (tmp == NULL)
 					goto bad;
 				buf = tmp;
 			}
 			/* we need more output space, allocate size */
-			buf[i].out = malloc(size, M_CRYPTO_DATA, M_NOWAIT);
+			int nextsize = buf[i-1].size * 2;
 			if (i == ZBUF || nextsize > 1000000)
 				goto bad;
 			buf[i].out = malloc(nextsize, M_CRYPTO_DATA, M_NOWAIT);
 			if (buf[i].out == NULL)
 				goto bad;
 			zbuf.next_out = buf[i].out;
-			buf[i].size = size;
+			zbuf.avail_out = buf[i].size = nextsize;
 			zbuf.avail_out = buf[i].size;
 			i++;
 		}
 	}
@ -181,7 +169,6 @@ deflate_global(u_int8_t *data, u_int32_t size, int decomp, u_int8_t **out)
 	} else {
 		*out = buf[0].out;
 	}
 	free(buf, M_CRYPTO_DATA);
 	if (decomp)
 		inflateEnd(&zbuf);
 	else
@ -196,8 +183,6 @@ bad:
 bad2:
 	for (j = 0; j < i; j++)
 		free(buf[j].out, M_CRYPTO_DATA);
 bad3:
 	free(buf, M_CRYPTO_DATA);
 	return 0;
 }