Open Bug 298938 Opened 19 years ago Updated 2 years ago

SECITEM_ReallocItem fails if newlen < oldlen and arena non-null

Categories

(NSS :: Libraries, defect, P3)

3.10

Tracking

(Not tracked)

People

(Reporter: nelson, Unassigned)

Details

This bug reports several errors.  I know that's bad bugzilla practice.
Depending on how one is fixed, the others may or may not need fixing.
I found this by examining code while reviewing a patch for bug 298906.

First.  PORT_ArenaGrow asserts that newsize >= oldsize, but doesn't 
take any action in optimized builds to prevent the problem.  If (as it 
appears to me) PL_ARENA_GROW can't stand negative numbers for the last
argument, then PORT_ArenaGrow should ensure that it NEVER passes them 
to PL_ARENA_GROW, not even in optimized builds.  Perhaps PORT_ArenaGrow
should just treat oldsize > newsize as a trivial success case, and not
assert, but simply return ptr without taking any action.

Second, when the arena argument is non-NULL, SECITEM_ReallocItem calls
PL_ARENA_GROW without first checking that oldlen <= newlen.  In this
case (arena non-NULL, oldlen > newlen), the function should probably
just leave item->data unchanged.  And of course, this function should 
set item->len to the new value when it succeeds.  

If PORT_ArenaGrow is fixed to treat new < old as a success, then perhaps
there is no further fix needed for this issue in SECITEM_ReallocItem.

Perhaps the part of this bug regarding SECITEM_ReallocItem should be
combined with bug 298649, and this bug should be only about 
PORT_ArenaGrow.
Assignee: wtchang → nobody
QA Contact: jason.m.reid → libraries
Priority: -- → P3
Severity: normal → S3
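
The two behaviours the report proposes (a shrink request is a trivial success that returns ptr, and the item length is set on success), sketched as an added example that is not NSS code. The `toy_*` types and functions and `unchecked_incr` are hypothetical stand-ins for the arena, SECItem, PORT_ArenaGrow and SECITEM_ReallocItem, and the use of unsigned `size_t` sizes is an assumption of the sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical bump arena and item; stand-ins, not the NSS/NSPR types. */
typedef struct { unsigned char buf[256]; size_t used; } toy_arena;
typedef struct { unsigned char *data; size_t len; } toy_item;

static void *toy_arena_alloc(toy_arena *a, size_t n) {
    if (n > sizeof a->buf - a->used) return NULL;
    void *p = a->buf + a->used;
    a->used += n;
    return p;
}

/* What an unguarded caller computes when newsize < oldsize: with unsigned
 * sizes the "negative" increment wraps to a huge value. */
static size_t unchecked_incr(size_t oldsize, size_t newsize) {
    return newsize - oldsize;
}

/* Low-level grow that takes an increment, never a target size. */
static void *toy_grow_by(toy_arena *a, void *p, size_t oldsize, size_t incr) {
    if (incr > sizeof a->buf - a->used) return NULL;
    if ((unsigned char *)p + oldsize == a->buf + a->used) {
        a->used += incr;               /* last allocation: extend in place */
        return p;
    }
    void *q = toy_arena_alloc(a, oldsize + incr);
    if (q) memcpy(q, p, oldsize);      /* otherwise allocate and copy */
    return q;
}

/* Guarded grow: the check is a real branch, so it also holds in builds
 * where assertions are compiled out. Shrink returns ptr, arena untouched. */
static void *toy_arena_grow(toy_arena *a, void *p, size_t oldsize, size_t newsize) {
    if (newsize <= oldsize) return p;
    return toy_grow_by(a, p, oldsize, newsize - oldsize);
}

/* Item realloc: returns 0 on success and records the new length. */
static int toy_item_realloc(toy_arena *a, toy_item *it, size_t newlen) {
    void *p = toy_arena_grow(a, it->data, it->len, newlen);
    if (!p) return -1;
    it->data = p;
    it->len = newlen;
    return 0;
}
```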