Skip to content

M
mruby
Commit cfdd1e3c authored by Yukihiro "Matz" Matsumoto's avatar Yukihiro "Matz" Matsumoto
Browse files
Options

ary_expand_capa(): refine conditions to avoid infinite loop; ref #3353

parent 9d84f0d4
Show whitespace changes
Inline Side-by-side
Showing with 7 additions and 4 deletions
src/array.c
View file @ cfdd1e3c
...@@ -170,6 +170,7 @@ ary_expand_capa(mrb_state *mrb, struct RArray *a, size_t len) ...@@ -170,6 +170,7 @@ ary_expand_capa(mrb_state *mrb, struct RArray *a, size_t len)
size_t capa = a->aux.capa; size_t capa = a->aux.capa;
if (len > ARY_MAX_SIZE) { if (len > ARY_MAX_SIZE) {
size_error:
mrb_raise(mrb, E_ARGUMENT_ERROR, "array size too big"); mrb_raise(mrb, E_ARGUMENT_ERROR, "array size too big");
} }
...@@ -177,13 +178,15 @@ ary_expand_capa(mrb_state *mrb, struct RArray *a, size_t len) ...@@ -177,13 +178,15 @@ ary_expand_capa(mrb_state *mrb, struct RArray *a, size_t len)
capa = ARY_DEFAULT_LEN; capa = ARY_DEFAULT_LEN;
} }
while (capa < len) { while (capa < len) {
if (capa <= ARY_MAX_SIZE / 2) {
capa *= 2; capa *= 2;
if (capa > ARY_MAX_SIZE) { }
capa = ARY_MAX_SIZE; else {
goto size_error;
} }
} }
if (capa < len || capa > MRB_INT_MAX) { if (capa < len || capa > MRB_INT_MAX) {
mrb_raise(mrb, E_ARGUMENT_ERROR, "array size too big"); goto size_error;
} }
if (capa > (size_t)a->aux.capa) { if (capa > (size_t)a->aux.capa) {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment