better integer size assertion suggested by usak

parent 83c1399a
...@@ -415,8 +415,10 @@ void* mrb_alloca(mrb_state *mrb, size_t); ...@@ -415,8 +415,10 @@ void* mrb_alloca(mrb_state *mrb, size_t);
#ifdef MRB_DEBUG #ifdef MRB_DEBUG
#include <assert.h> #include <assert.h>
#define mrb_assert(p) assert(p) #define mrb_assert(p) assert(p)
#define mrb_assert_int_fit(t1,n,t2,max) assert((n)>=0 && ((sizeof(n)<=sizeof(t2))||(n<=(t1)(max))))
#else #else
#define mrb_assert(p) ((void)0) #define mrb_assert(p) ((void)0)
#define mrb_assert_int_fit(t1,n,t2,max) ((void)0)
#endif #endif
#if defined(__cplusplus) #if defined(__cplusplus)
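Review bot: The `sizeof(n)<=sizeof(t2)` shortcut in `mrb_assert_int_fit` is only sound when `t2` is unsigned; when `t2` is a signed type of the same width as `n`, the `max` comparison is skipped and the macro degenerates to `(n)>=0`. The string.c call `mrb_assert_int_fit(size_t, total, mrb_int, MRB_INT_MAX)` has exactly that shape on any build where `size_t` and `mrb_int` are the same width, so the `total <= MRB_INT_MAX` check the old line performed is lost there. Because `(n)>=0` is already established, the range test is exact under the usual arithmetic conversions without the cast, so one option is `#define mrb_assert_int_fit(t1,n,t2,max) assert((n)>=0 && ((n)<=(max)))`, at the cost of `-Wsign-compare` noise in MRB_DEBUG builds; if the cast form is kept, the shortcut should at least be limited to unsigned `t2` and the bare `n` in `n<=(t1)(max)` parenthesized like the other uses.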
......
...@@ -719,7 +719,7 @@ attrsym(codegen_scope *s, mrb_sym a) ...@@ -719,7 +719,7 @@ attrsym(codegen_scope *s, mrb_sym a)
+ 1 /* '=' */ + 1 /* '=' */
+ 1 /* '\0' */ + 1 /* '\0' */
); );
mrb_assert(len > 0); mrb_assert_int_fit(mrb_int, len, size_t, SIZE_MAX);
memcpy(name2, name, (size_t)len); memcpy(name2, name, (size_t)len);
name2[len] = '='; name2[len] = '=';
name2[len+1] = '\0'; name2[len+1] = '\0';
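Review bot: The replacement assertion drops the `len > 0` precondition the old `mrb_assert(len > 0)` expressed; `mrb_assert_int_fit` accepts `len == 0`, after which `name2` holds just `"="`. If an empty symbol name is meant to be impossible in attrsym, keep that intent explicit with `mrb_assert(len > 0);` next to the new range check; if it is allowed, a one-line comment saying so would stop the next reader from taking the relaxation as accidental. The enclosing function attrsym starts outside the hunk.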
......
...@@ -89,7 +89,7 @@ get_pool_block_size(mrb_state *mrb, mrb_irep *irep) ...@@ -89,7 +89,7 @@ get_pool_block_size(mrb_state *mrb, mrb_irep *irep)
str = mrb_fixnum_to_str(mrb, irep->pool[pool_no], 10); str = mrb_fixnum_to_str(mrb, irep->pool[pool_no], 10);
{ {
mrb_int len = RSTRING_LEN(str); mrb_int len = RSTRING_LEN(str);
mrb_assert(len >= 0 && (size_t)len <= SIZE_MAX); mrb_assert_int_fit(mrb_int, len, size_t, SIZE_MAX);
size += (size_t)len; size += (size_t)len;
} }
break; break;
...@@ -98,7 +98,7 @@ get_pool_block_size(mrb_state *mrb, mrb_irep *irep) ...@@ -98,7 +98,7 @@ get_pool_block_size(mrb_state *mrb, mrb_irep *irep)
{ {
int len; int len;
len = mrb_float_to_str(buf, mrb_float(irep->pool[pool_no])); len = mrb_float_to_str(buf, mrb_float(irep->pool[pool_no]));
mrb_assert(len >= 0 && (size_t)len <= SIZE_MAX); mrb_assert_int_fit(mrb_int, len, size_t, SIZE_MAX);
size += (size_t)len; size += (size_t)len;
} }
break; break;
...@@ -106,7 +106,7 @@ get_pool_block_size(mrb_state *mrb, mrb_irep *irep) ...@@ -106,7 +106,7 @@ get_pool_block_size(mrb_state *mrb, mrb_irep *irep)
case MRB_TT_STRING: case MRB_TT_STRING:
{ {
mrb_int len = RSTRING_LEN(irep->pool[pool_no]); mrb_int len = RSTRING_LEN(irep->pool[pool_no]);
mrb_assert(len >= 0 && (size_t)len <= SIZE_MAX); mrb_assert_int_fit(mrb_int, len, size_t, SIZE_MAX);
size += (size_t)len; size += (size_t)len;
} }
break; break;
...@@ -142,9 +142,9 @@ write_pool_block(mrb_state *mrb, mrb_irep *irep, uint8_t *buf) ...@@ -142,9 +142,9 @@ write_pool_block(mrb_state *mrb, mrb_irep *irep, uint8_t *buf)
char_ptr = RSTRING_PTR(str); char_ptr = RSTRING_PTR(str);
{ {
mrb_int tlen; mrb_int tlen;
tlen = RSTRING_LEN(str); tlen = RSTRING_LEN(str);
mrb_assert(tlen >= 0); mrb_assert_int_fit(mrb_int, tlen, uint16_t, UINT16_MAX);
mrb_assert(tlen <= INT16_MAX);
len = (uint16_t)tlen; len = (uint16_t)tlen;
} }
break; break;
...@@ -154,8 +154,7 @@ write_pool_block(mrb_state *mrb, mrb_irep *irep, uint8_t *buf) ...@@ -154,8 +154,7 @@ write_pool_block(mrb_state *mrb, mrb_irep *irep, uint8_t *buf)
{ {
int tlen; int tlen;
tlen = mrb_float_to_str(char_buf, mrb_float(irep->pool[pool_no])); tlen = mrb_float_to_str(char_buf, mrb_float(irep->pool[pool_no]));
mrb_assert(tlen >= 0); mrb_assert_int_fit(int, tlen, uint16_t, UINT16_MAX);
mrb_assert(tlen <= INT16_MAX);
len = (uint16_t)tlen; len = (uint16_t)tlen;
} }
char_ptr = &char_buf[0]; char_ptr = &char_buf[0];
...@@ -166,9 +165,9 @@ write_pool_block(mrb_state *mrb, mrb_irep *irep, uint8_t *buf) ...@@ -166,9 +165,9 @@ write_pool_block(mrb_state *mrb, mrb_irep *irep, uint8_t *buf)
char_ptr = RSTRING_PTR(irep->pool[pool_no]); char_ptr = RSTRING_PTR(irep->pool[pool_no]);
{ {
mrb_int tlen; mrb_int tlen;
tlen = RSTRING_LEN(irep->pool[pool_no]); tlen = RSTRING_LEN(irep->pool[pool_no]);
mrb_assert(tlen >= 0); mrb_assert_int_fit(mrb_int, tlen, uint16_t, UINT16_MAX);
mrb_assert(tlen <= INT16_MAX);
len = (uint16_t)tlen; len = (uint16_t)tlen;
} }
break; break;
...@@ -222,7 +221,7 @@ write_syms_block(mrb_state *mrb, mrb_irep *irep, uint8_t *buf) ...@@ -222,7 +221,7 @@ write_syms_block(mrb_state *mrb, mrb_irep *irep, uint8_t *buf)
name = mrb_sym2name_len(mrb, irep->syms[sym_no], &len); name = mrb_sym2name_len(mrb, irep->syms[sym_no], &len);
mrb_assert(len <= UINT16_MAX); mrb_assert_int_fit(mrb_int, len, uint16_t, UINT16_MAX);
cur += uint16_to_bin((uint16_t)len, cur); /* length of symbol name */ cur += uint16_to_bin((uint16_t)len, cur); /* length of symbol name */
memcpy(cur, name, len); /* symbol name */ memcpy(cur, name, len); /* symbol name */
cur += (uint16_t)len; cur += (uint16_t)len;
...@@ -315,7 +314,8 @@ write_section_irep_header(mrb_state *mrb, size_t section_size, uint8_t *bin) ...@@ -315,7 +314,8 @@ write_section_irep_header(mrb_state *mrb, size_t section_size, uint8_t *bin)
struct rite_section_irep_header *header = (struct rite_section_irep_header*)bin; struct rite_section_irep_header *header = (struct rite_section_irep_header*)bin;
memcpy(header->section_identify, RITE_SECTION_IREP_IDENTIFIER, sizeof(header->section_identify)); memcpy(header->section_identify, RITE_SECTION_IREP_IDENTIFIER, sizeof(header->section_identify));
mrb_assert(section_size <= UINT32_MAX);
mrb_assert_int_fit(size_t, section_size, uint32_t, UINT32_MAX);
uint32_to_bin((uint32_t)section_size, header->section_size); uint32_to_bin((uint32_t)section_size, header->section_size);
memcpy(header->rite_version, RITE_VM_VER, sizeof(header->rite_version)); memcpy(header->rite_version, RITE_VM_VER, sizeof(header->rite_version));
...@@ -392,7 +392,7 @@ write_lineno_record_1(mrb_state *mrb, mrb_irep *irep, uint8_t* bin) ...@@ -392,7 +392,7 @@ write_lineno_record_1(mrb_state *mrb, mrb_irep *irep, uint8_t* bin)
} else { } else {
filename_len = 0; filename_len = 0;
} }
mrb_assert(filename_len <= UINT16_MAX); mrb_assert_int_fit(size_t, filename_len, uint16_t, UINT16_MAX);
cur += uint16_to_bin((uint16_t)filename_len, cur); /* filename size */ cur += uint16_to_bin((uint16_t)filename_len, cur); /* filename size */
if (filename_len) { if (filename_len) {
...@@ -401,7 +401,7 @@ write_lineno_record_1(mrb_state *mrb, mrb_irep *irep, uint8_t* bin) ...@@ -401,7 +401,7 @@ write_lineno_record_1(mrb_state *mrb, mrb_irep *irep, uint8_t* bin)
} }
if (irep->lines) { if (irep->lines) {
mrb_assert(irep->ilen <= UINT32_MAX); mrb_assert_int_fit(size_t, irep->ilen, uint32_t, UINT32_MAX);
cur += uint32_to_bin((uint32_t)(irep->ilen), cur); /* niseq */ cur += uint32_to_bin((uint32_t)(irep->ilen), cur); /* niseq */
for (iseq_no = 0; iseq_no < irep->ilen; iseq_no++) { for (iseq_no = 0; iseq_no < irep->ilen; iseq_no++) {
cur += uint16_to_bin(irep->lines[iseq_no], cur); /* opcode */ cur += uint16_to_bin(irep->lines[iseq_no], cur); /* opcode */
...@@ -412,12 +412,11 @@ write_lineno_record_1(mrb_state *mrb, mrb_irep *irep, uint8_t* bin) ...@@ -412,12 +412,11 @@ write_lineno_record_1(mrb_state *mrb, mrb_irep *irep, uint8_t* bin)
} }
diff = cur - bin; diff = cur - bin;
mrb_assert(diff >= 0); mrb_assert_int_fit(ptrdiff_t, diff, uint32_t, UINT32_MAX);
mrb_assert((uint32_t)diff <= UINT32_MAX);
uint32_to_bin((uint32_t)diff, bin); /* record size */ uint32_to_bin((uint32_t)diff, bin); /* record size */
mrb_assert((size_t)diff <= SIZE_MAX); mrb_assert_int_fit(ptrdiff_t, diff, size_t, SIZE_MAX);
return (size_t)diff; return (size_t)diff;
} }
...@@ -565,8 +564,7 @@ write_debug_record_1(mrb_state *mrb, mrb_irep *irep, uint8_t *bin, mrb_sym const ...@@ -565,8 +564,7 @@ write_debug_record_1(mrb_state *mrb, mrb_irep *irep, uint8_t *bin, mrb_sym const
/* filename index */ /* filename index */
filename_idx = find_filename_index(filenames, filenames_len, filename_idx = find_filename_index(filenames, filenames_len,
file->filename_sym); file->filename_sym);
mrb_assert(filename_idx >= 0); mrb_assert_int_fit(int, filename_idx, uint16_t, UINT16_MAX);
mrb_assert(filename_idx <= UINT16_MAX);
cur += uint16_to_bin((uint16_t)filename_idx, cur); cur += uint16_to_bin((uint16_t)filename_idx, cur);
/* lines */ /* lines */
...@@ -593,10 +591,10 @@ write_debug_record_1(mrb_state *mrb, mrb_irep *irep, uint8_t *bin, mrb_sym const ...@@ -593,10 +591,10 @@ write_debug_record_1(mrb_state *mrb, mrb_irep *irep, uint8_t *bin, mrb_sym const
} }
ret = cur - bin; ret = cur - bin;
mrb_assert(ret >= 0 && (uint32_t)ret <= UINT32_MAX); mrb_assert_int_fit(ptrdiff_t, ret, uint32_t, UINT32_MAX);
uint32_to_bin(ret, bin); uint32_to_bin(ret, bin);
mrb_assert(ret >= 0 && (size_t)ret <= SIZE_MAX); mrb_assert_int_fit(ptrdiff_t, ret, size_t, SIZE_MAX);
return (size_t)ret; return (size_t)ret;
} }
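Review bot: In write_pool_block the three `mrb_assert_int_fit(..., uint16_t, UINT16_MAX)` checks guard the narrowing `len = (uint16_t)tlen;`, but in a non-MRB_DEBUG build the macro expands to `((void)0)` (see the header hunk), so a pool string longer than 65535 bytes is silently truncated into the 16-bit length field and the emitted record no longer describes the bytes that follow it. That is presumably unreachable for compiler-generated pools, but a length-field overflow in a serializer deserves a real check rather than a debug-only one; if the function can report failure to its caller, something like `if (tlen > UINT16_MAX) return MRB_DUMP_GENERAL_FAILURE;` before the cast would do — I cannot see write_pool_block's return type from the hunk. Separately, the float case in get_pool_block_size passes `mrb_int` as the cast type for an `int` variable (`mrb_assert_int_fit(mrb_int, len, size_t, SIZE_MAX)`), while the same case in write_pool_block correctly uses `int`; the two should match.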
......
...@@ -156,7 +156,7 @@ read_irep_record_1(mrb_state *mrb, const uint8_t *bin, size_t *len, mrb_bool all ...@@ -156,7 +156,7 @@ read_irep_record_1(mrb_state *mrb, const uint8_t *bin, size_t *len, mrb_bool all
irep->reps = (mrb_irep**)mrb_malloc(mrb, sizeof(mrb_irep*)*irep->rlen); irep->reps = (mrb_irep**)mrb_malloc(mrb, sizeof(mrb_irep*)*irep->rlen);
diff = src - bin; diff = src - bin;
mrb_assert(diff >= 0 && (size_t)diff <= SIZE_MAX); mrb_assert_int_fit(ptrdiff_t, diff, size_t, SIZE_MAX);
*len = (size_t)diff; *len = (size_t)diff;
return irep; return irep;
...@@ -333,7 +333,7 @@ read_debug_record(mrb_state *mrb, const uint8_t *start, mrb_irep* irep, size_t * ...@@ -333,7 +333,7 @@ read_debug_record(mrb_state *mrb, const uint8_t *start, mrb_irep* irep, size_t *
} }
diff = bin - start; diff = bin - start;
mrb_assert(diff >= 0 && (size_t)diff <= SIZE_MAX); mrb_assert_int_fit(ptrdiff_t, diff, size_t, SIZE_MAX);
if (record_size != (size_t)diff) { if (record_size != (size_t)diff) {
return MRB_DUMP_GENERAL_FAILURE; return MRB_DUMP_GENERAL_FAILURE;
...@@ -349,7 +349,7 @@ read_debug_record(mrb_state *mrb, const uint8_t *start, mrb_irep* irep, size_t * ...@@ -349,7 +349,7 @@ read_debug_record(mrb_state *mrb, const uint8_t *start, mrb_irep* irep, size_t *
} }
diff = bin - start; diff = bin - start;
mrb_assert(diff >=0 && (size_t)diff <= SIZE_MAX); mrb_assert_int_fit(ptrdiff_t, diff, size_t, SIZE_MAX);
*record_len = (size_t)diff; *record_len = (size_t)diff;
return MRB_DUMP_OK; return MRB_DUMP_OK;
...@@ -391,7 +391,7 @@ read_section_debug(mrb_state *mrb, const uint8_t *start, mrb_irep *irep, mrb_boo ...@@ -391,7 +391,7 @@ read_section_debug(mrb_state *mrb, const uint8_t *start, mrb_irep *irep, mrb_boo
bin += len; bin += len;
diff = bin - start; diff = bin - start;
mrb_assert(diff >= 0 && (size_t)diff <= UINT32_MAX); mrb_assert_int_fit(ptrdiff_t, diff, size_t, SIZE_MAX);
if ((uint32_t)diff != bin_to_uint32(header->section_size)) { if ((uint32_t)diff != bin_to_uint32(header->section_size)) {
result = MRB_DUMP_GENERAL_FAILURE; result = MRB_DUMP_GENERAL_FAILURE;
} }
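Review bot: In read_section_debug the assertion was loosened from `UINT32_MAX` to `SIZE_MAX`, yet the next line still narrows with `(uint32_t)diff` before comparing against `header->section_size`; on a 64-bit build a `diff` of 4 GiB or more would now wrap silently instead of tripping the assertion, and the wrapped value could coincidentally equal the header field. Keep the bound the cast actually requires: `mrb_assert_int_fit(ptrdiff_t, diff, uint32_t, UINT32_MAX);`. Note also that these are debug-only checks (the macro is `((void)0)` otherwise) in a loader that walks data from the `.mrb` being read, so the `record_size != (size_t)diff` and `(uint32_t)diff != bin_to_uint32(...)` comparisons are the only checks that survive in release builds and must not be folded into the assertions.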
......
...@@ -272,7 +272,7 @@ str_buf_cat(mrb_state *mrb, struct RString *s, const char *ptr, size_t len) ...@@ -272,7 +272,7 @@ str_buf_cat(mrb_state *mrb, struct RString *s, const char *ptr, size_t len)
ptr = STR_PTR(s) + off; ptr = STR_PTR(s) + off;
} }
memcpy(STR_PTR(s) + STR_LEN(s), ptr, len); memcpy(STR_PTR(s) + STR_LEN(s), ptr, len);
mrb_assert(total <= MRB_INT_MAX); mrb_assert_int_fit(size_t, total, mrb_int, MRB_INT_MAX);
STR_SET_LEN(s, total); STR_SET_LEN(s, total);
STR_PTR(s)[total] = '\0'; /* sentinel */ STR_PTR(s)[total] = '\0'; /* sentinel */
} }
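Review bot: This is the one call site where the target type given to `mrb_assert_int_fit` (`mrb_int`) is signed, so the macro's `sizeof(n)<=sizeof(t2)` shortcut holds on any build where `size_t` and `mrb_int` are the same width and `total <= MRB_INT_MAX` is never evaluated — the check the old `mrb_assert(total <= MRB_INT_MAX)` did perform. Until the macro handles signed targets, keep an explicit bound here, `mrb_assert(total <= (size_t)MRB_INT_MAX);`, and place it before the `memcpy` rather than after it so a debug build fails before the out-of-range length has been stored by `STR_SET_LEN`. str_buf_cat begins outside the hunk.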
......
...@@ -401,7 +401,7 @@ sym_inspect(mrb_state *mrb, mrb_value sym) ...@@ -401,7 +401,7 @@ sym_inspect(mrb_state *mrb, mrb_value sym)
sp = RSTRING_PTR(str); sp = RSTRING_PTR(str);
RSTRING_PTR(str)[0] = ':'; RSTRING_PTR(str)[0] = ':';
memcpy(sp+1, name, len); memcpy(sp+1, name, len);
mrb_assert(len > 0 && (size_t)len <= SIZE_MAX); mrb_assert_int_fit(mrb_int, len, size_t, SIZE_MAX);
if (!symname_p(name) || strlen(name) != (size_t)len) { if (!symname_p(name) || strlen(name) != (size_t)len) {
str = mrb_str_dump(mrb, str); str = mrb_str_dump(mrb, str);
sp = RSTRING_PTR(str); sp = RSTRING_PTR(str);
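Review bot: The range assertion on `len` comes after `memcpy(sp+1, name, len)`, which is the statement that consumes `len` as a `size_t`; a negative `len` would already have been handed to memcpy before the check runs. Swap the two lines so the assertion precedes the copy: `mrb_assert_int_fit(mrb_int, len, size_t, SIZE_MAX);` then `memcpy(sp+1, name, len);`. The old assertion also required `len > 0`; the new one admits `len == 0`, which may be intended for an empty symbol name but is a silent relaxation worth a comment. The allocation of `str` in sym_inspect is outside the hunk.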
......