embryo: fix an integer(cell) overflow problem

Summary:
Most of the functions for embryo are based on cell(int) types.
addvariable(), defsymbol(), modstk(), etc.
Because of this, if an embryo script has a really big (INT_MAX / 4) stack variable,
an integer overflow problem happens.
@fix

Test Plan:
Put a script in your EDC like the following code.
Build it and try to access the variable.
Or check the written HEX value by embryo_cc.

script {
   // Its size is 1,000,000,000.
   // Remember, INT_MAX is 2,147,483,647.
   new my_big_variable[1000000000];
   ...
}

Reviewers: cedric, woohyun, raster, eunue, SanghyeonLee

Reviewed By: eunue, SanghyeonLee

Subscribers: cedric, #reviewers, #committers

Tags: #efl

Differential Revision: https://phab.enlightenment.org/D12081
Youngbok Shin 2020-08-04 14:47:14 +09:00 committed by SangHyeon Jade Lee
parent 279cc45132
commit 5af8301bad
1 changed files with 4 additions and 3 deletions

@ -1203,10 +1203,8 @@ declloc(int fstatic)
if (numdim > 0 && dim[numdim - 1] == 0)
error(52); /* only last dimension may be variable length */
size = needsub(&idxtag[numdim]); /* get size; size==0 for "var[]" */
#if INT_MAX < CELL_MAX
if (size > INT_MAX)
if ((unsigned long long)size * sizeof(cell) > MIN(INT_MAX, CELL_MAX))
error(105); /* overflow, exceeding capacity */
#endif
dim[numdim++] = (int)size;
} /* while */
if (ident == iARRAY || fstatic)
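Review bot: in the dimension loop, the new test `(unsigned long long)size * sizeof(cell) > MIN(INT_MAX, CELL_MAX)` bounds each dimension on its own, so a declaration with several dimensions can pass every iteration while the product of the `dim[]` entries times `sizeof(cell)` still exceeds the limit. Unless the total is checked somewhere outside this hunk, keep a running product in an unsigned long long inside the loop and raise error(105) on that as well. Dropping the `#if INT_MAX < CELL_MAX` guard also means `MIN` and `CELL_MAX` must now be defined in every build configuration, which is worth confirming.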
@ -1237,6 +1235,9 @@ declloc(int fstatic)
}
else
{
if (((unsigned long long)declared + (unsigned long long)size) * sizeof(cell) >
MIN(INT_MAX, CELL_MAX))
error(105);
declared += (int)size; /* variables are put on stack,
* adjust "declared" */
sym =
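Review bot: the check added before `declared += (int)size` repeats the cast-and-compare expression from the array dimension check and, unlike that one, carries no comment on `error(105)`. Consider a small helper or macro for the byte-size limit so the two sites cannot drift apart, and add the same "overflow, exceeding capacity" comment here. The check sits only in the `else` branch shown, so it is also worth confirming that the other branch has an equivalent bound on its own size accounting.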