From 5af8301bad989a49a1feb736bc62125ac6b3ddbd Mon Sep 17 00:00:00 2001
From: Youngbok Shin
Date: Tue, 4 Aug 2020 14:47:14 +0900
Subject: [PATCH] embryo: fix a integer(cell) overflow problem
Summary: The most of functions for embryo based on cell(int) types. addvariable(), defsymbol(), modstk() and etc. Because of this, if embryo script has a really big(INT_MAX / 4) stack variable, integer overflow problem has been happened. @fix
Test Plan: Put a script in your EDC like the following code. Build it and try to access the variable. Or check the writen HEX value by embryo_cc.
script {
// It's size is 1,000,000,000.
// Remember, INT_MAX is 2,147,483,647.
new my_big_variable[1000000000];
...
}
Reviewers: cedric, woohyun, raster, eunue, SanghyeonLee
Reviewed By: eunue, SanghyeonLee
Subscribers: cedric, #reviewers, #committers
Tags: #efl
Differential Revision: https://phab.enlightenment.org/D12081
---
src/bin/embryo/embryo_cc_sc1.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/bin/embryo/embryo_cc_sc1.c b/src/bin/embryo/embryo_cc_sc1.c
index 1189ce807b..7595be8299 100644
--- a/src/bin/embryo/embryo_cc_sc1.c
+++ b/src/bin/embryo/embryo_cc_sc1.c
@@ -1203,10 +1203,8 @@ declloc(int fstatic)
 if (numdim > 0 && dim[numdim - 1] == 0)
 error(52); /* only last dimension may be variable length */
 size = needsub(&idxtag[numdim]); /* get size; size==0 for "var[]" */
-#if INT_MAX < CELL_MAX
- if (size > INT_MAX)
+ if ((unsigned long long)size * sizeof(cell) > MIN(INT_MAX, CELL_MAX))
 error(105); /* overflow, exceeding capacity */
-#endif
 dim[numdim++] = (int)size;
 } /* while */
 if (ident == iARRAY || fstatic)
@@ -1237,6 +1235,9 @@ declloc(int fstatic)
 }
 else
 {
+ if (((unsigned long long)declared + (unsigned long long)size) * sizeof(cell) >
+ MIN(INT_MAX, CELL_MAX))
+ error(105);
 declared += (int)size; /* variables are put on stack,
 * adjust "declared" */
 sym =
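Review bot: The new guard on the `size` line multiplies before it compares, `(unsigned long long)size * sizeof(cell)`, so if `cell` is ever wider than 32 bits (the removed `#if INT_MAX < CELL_MAX` suggests the build allows that) a declared size around 2^61 or larger wraps the 64-bit product back below `INT_MAX`, the check passes, and `dim[numdim++] = (int)size` then stores a truncated element count; certain negative `size` values cast to unsigned wrap the same way, if `needsub()` can return one, which I cannot tell from the hunk. Dividing the limit instead of scaling the operand cannot wrap and rejects any negative size as well: `if ((unsigned long long)size > MIN(INT_MAX, CELL_MAX) / sizeof(cell))`. With a 32-bit `cell` both forms accept and reject exactly the same values, so the 1,000,000,000-element case from the test plan still fails with error 105. `declloc()` begins before this hunk and continues past it, and the `declared + size` check added in the second hunk has the same multiply-then-compare shape and would benefit from the same treatment.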