Skip to content

M
mruby
Unverified Commit 2760cea4 authored by Clayton Smith's avatar Clayton Smith
Browse files
Options

Prevent signed integer overflow.

parent f93734f6
Show whitespace changes
Inline Side-by-side
Showing with 5 additions and 5 deletions
mrbgems/mruby-sprintf/src/sprintf.c
View file @ 2760cea4
...@@ -200,7 +200,7 @@ check_name_arg(mrb_state *mrb, int posarg, const char *name, mrb_int len) ...@@ -200,7 +200,7 @@ check_name_arg(mrb_state *mrb, int posarg, const char *name, mrb_int len)
#define GETNUM(n, val) \ #define GETNUM(n, val) \
for (; p < end && ISDIGIT(*p); p++) {\ for (; p < end && ISDIGIT(*p); p++) {\
if (n > MRB_INT_MAX/10) {\ if (n > (MRB_INT_MAX - (*p - '0'))/10) {\
mrb_raise(mrb, E_ARGUMENT_ERROR, #val " too big"); \ mrb_raise(mrb, E_ARGUMENT_ERROR, #val " too big"); \
} \ } \
n = 10 * n + (*p - '0'); \ n = 10 * n + (*p - '0'); \
...@@ -1056,18 +1056,18 @@ retry: ...@@ -1056,18 +1056,18 @@ retry:
if (i > 0) if (i > 0)
need = BIT_DIGITS(i); need = BIT_DIGITS(i);
} }
need += (flags&FPREC) ? prec : 6; if (need > MRB_INT_MAX - ((flags&FPREC) ? prec : 6)) {
if (need < 0) {
too_big_width: too_big_width:
mrb_raise(mrb, E_ARGUMENT_ERROR, mrb_raise(mrb, E_ARGUMENT_ERROR,
(width > prec ? "width too big" : "prec too big")); (width > prec ? "width too big" : "prec too big"));
} }
need += (flags&FPREC) ? prec : 6;
if ((flags&FWIDTH) && need < width) if ((flags&FWIDTH) && need < width)
need = width; need = width;
need += 20; if (need > MRB_INT_MAX - 20) {
if (need <= 0) {
goto too_big_width; goto too_big_width;
} }
need += 20;
CHECK(need); CHECK(need);
n = snprintf(&buf[blen], need, fbuf, fval); n = snprintf(&buf[blen], need, fbuf, fval);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment