authorYoungbok Shin <youngb.shin@samsung.com>2020-08-04 14:47:14 +0900
committerSangHyeon Jade Lee <sh10233.lee@samsung.com>2020-08-04 14:48:02 +0900
commit5af8301bad989a49a1feb736bc62125ac6b3ddbd (patch)
treef668840f308a0646604da427910b3abfc493f271
parent279cc45132050bb252340565455e60eadb34ceb4 (diff)
embryo: fix a integer(cell) overflow problem
Summary: Most of the functions in embryo are based on the cell (int) type: addvariable(), defsymbol(), modstk(), etc. Because of this, if an embryo script has a really big (INT_MAX / 4) stack variable, an integer overflow occurs. @fix Test Plan: Put a script like the following code in your EDC. Build it and try to access the variable. Or check the written HEX value by embryo_cc. script { // It's size is 1,000,000,000. // Remember, INT_MAX is 2,147,483,647. new my_big_variable[1000000000]; ... } Reviewers: cedric, woohyun, raster, eunue, SanghyeonLee Reviewed By: eunue, SanghyeonLee Subscribers: cedric, #reviewers, #committers Tags: #efl Differential Revision: https://phab.enlightenment.org/D12081
-rw-r--r--src/bin/embryo/embryo_cc_sc1.c7
1 files changed, 4 insertions, 3 deletions
diff --git a/src/bin/embryo/embryo_cc_sc1.c b/src/bin/embryo/embryo_cc_sc1.c
index 1189ce807b..7595be8299 100644
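--- a/src/bin/embryo/embryo_cc_sc1.c
+++ b/src/bin/embryo/embryo_cc_sc1.c
@@ -1203,10 +1203,8 @@ declloc(int fstatic)
  if (numdim > 0 && dim[numdim - 1] == 0)
  error(52); /* only last dimension may be variable length */
  size = needsub(&idxtag[numdim]); /* get size; size==0 for "var[]" */
-#if INT_MAX < CELL_MAX
- if (size > INT_MAX)
+ if ((unsigned long long)size * sizeof(cell) > MIN(INT_MAX, CELL_MAX))
  error(105); /* overflow, exceeding capacity */
-#endif
  dim[numdim++] = (int)size;
  } /* while */
  if (ident == iARRAY || fstatic)
@@ -1237,6 +1235,9 @@ declloc(int fstatic)
  }
  else
  {
+ if (((unsigned long long)declared + (unsigned long long)size) * sizeof(cell) >
+ MIN(INT_MAX, CELL_MAX))
+ error(105);
  declared += (int)size; /* variables are put on stack,
  * adjust "declared" */
  sym =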
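Review bot: The new bound in the first hunk is applied to each dimension on its own, inside the `while` loop, so an array with several dimensions can pass every per-dimension check while the product of its dimensions still exceeds `MIN(INT_MAX, CELL_MAX)` bytes. Whether that total is bounded before `size` reaches the `declared + size` check in the second hunk is not visible here, because declloc() starts and ends outside both hunks. If it is not, I would keep a running total in a wider type next to the existing check, e.g. `total *= (unsigned long long)size;` followed by `if (total * sizeof(cell) > MIN(INT_MAX, CELL_MAX)) error(105);`. The second `error(105);` would also read better with the same `/* overflow, exceeding capacity */` comment the first one carries.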