diff options
author | akr <akr@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2013-04-09 21:37:04 +0000 |
---|---|---|
committer | akr <akr@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2013-04-09 21:37:04 +0000 |
commit | e699df95d0a4d91d150e696079784befa4e3c1e6 (patch) | |
tree | 6c892ae0638a436c9d44021a0a902cd4b746d37e | |
parent | 712c7168bf55f61df33efa2a7552e4b3c25b306c (diff) | |
download | ruby-e699df95d0a4d91d150e696079784befa4e3c1e6.tar.gz |
* internal.h (MUL_OVERFLOW_INT_P): New macro.
* sprintf.c (GETNUM): Don't overflow on signed integer multiplication.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40209 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | internal.h | 1 | ||||
-rw-r--r-- | sprintf.c | 10 |
3 files changed, 14 insertions, 3 deletions
@@ -1,3 +1,9 @@ +Wed Apr 10 06:32:12 2013 Tanaka Akira <akr@fsij.org> + + * internal.h (MUL_OVERFLOW_INT_P): New macro. + + * sprintf.c (GETNUM): Don't overflow on signed integer multiplication. + Tue Apr 9 20:38:20 2013 Tanaka Akira <akr@fsij.org> * internal.h (MUL_OVERFLOW_SIGNED_INTEGER_P): New macro. diff --git a/internal.h b/internal.h index 5e9ce2460a..964f8a3467 100644 --- a/internal.h +++ b/internal.h @@ -36,6 +36,7 @@ extern "C" { ((b) > 0 ? (min) / (a) < (b) : (max) / (a) > (b))) #define MUL_OVERFLOW_FIXNUM_P(a, b) MUL_OVERFLOW_SIGNED_INTEGER_P(a, b, FIXNUM_MIN, FIXNUM_MAX) #define MUL_OVERFLOW_LONG_P(a, b) MUL_OVERFLOW_SIGNED_INTEGER_P(a, b, LONG_MIN, LONG_MAX) +#define MUL_OVERFLOW_INT_P(a, b) MUL_OVERFLOW_SIGNED_INTEGER_P(a, b, INT_MIN, INT_MAX) struct rb_deprecated_classext_struct { char conflict[sizeof(VALUE) * 3]; @@ -14,6 +14,7 @@ #include "ruby/ruby.h" #include "ruby/re.h" #include "ruby/encoding.h" +#include "internal.h" #include <math.h> #include <stdarg.h> @@ -128,10 +129,13 @@ sign_bits(int base, const char *p) #define GETNUM(n, val) \ for (; p < end && rb_enc_isdigit(*p, enc); p++) { \ - int next_n = 10 * (n) + (*p - '0'); \ - if (next_n / 10 != (n)) {\ + int next_n = (n); \ + if (MUL_OVERFLOW_INT_P(10, next_n)) \ rb_raise(rb_eArgError, #val " too big"); \ - } \ + next_n *= 10; \ + if (INT_MAX - (*p - '0') < next_n) \ + rb_raise(rb_eArgError, #val " too big"); \ + next_n += *p - '0'; \ (n) = next_n; \ } \ if (p >= end) { \ |