Skip to content

M
mruby
Commit 9b3a4fd8 authored by Yukihiro Matsumoto's avatar Yukihiro Matsumoto
Browse files
Options

avoid integer overflow

parent f086dbd5
Show whitespace changes
Inline Side-by-side
Showing with 7 additions and 2 deletions
src/array.c
View file @ 9b3a4fd8
...@@ -34,6 +34,7 @@ mrb_value ...@@ -34,6 +34,7 @@ mrb_value
mrb_ary_new_capa(mrb_state *mrb, size_t capa) mrb_ary_new_capa(mrb_state *mrb, size_t capa)
{ {
struct RArray *a; struct RArray *a;
size_t blen;
#ifdef LONG_MAX #ifdef LONG_MAX
if (capa > ARY_MAX_SIZE) { if (capa > ARY_MAX_SIZE) {
...@@ -43,10 +44,14 @@ mrb_ary_new_capa(mrb_state *mrb, size_t capa) ...@@ -43,10 +44,14 @@ mrb_ary_new_capa(mrb_state *mrb, size_t capa)
if (capa < ARY_DEFAULT_LEN) { if (capa < ARY_DEFAULT_LEN) {
capa = ARY_DEFAULT_LEN; capa = ARY_DEFAULT_LEN;
} }
blen = capa * sizeof(mrb_value) ;
if (blen < capa) {
mrb_raise(mrb, E_ARGUMENT_ERROR, "ary size too big");
}
a = mrb_obj_alloc(mrb, MRB_TT_ARRAY, mrb->array_class); a = mrb_obj_alloc(mrb, MRB_TT_ARRAY, mrb->array_class);
a->buf = mrb_malloc(mrb, sizeof(mrb_value) * capa); a->buf = mrb_malloc(mrb, blen);
memset(a->buf, 0, sizeof(mrb_value) * capa); memset(a->buf, 0, blen);
a->capa = capa; a->capa = capa;
a->len = 0; a->len = 0;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment