embryo: fix a integer(cell) overflow problem
Summary: Most of the functions in embryo are based on the cell(int) type: addvariable(), defsymbol(), modstk(), etc. Because of this, if an embryo script has a really big (INT_MAX / 4) stack variable, an integer overflow occurs. @fix Test Plan: Put a script in your EDC like the following code. Build it and try to access the variable. Or check the written HEX value by embryo_cc. script { // It's size is 1,000,000,000. // Remember, INT_MAX is 2,147,483,647. new my_big_variable[1000000000]; ... } Reviewers: cedric, woohyun, raster, eunue, SanghyeonLee Reviewed By: eunue, SanghyeonLee Subscribers: cedric, #reviewers, #committers Tags: #efl Differential Revision: https://phab.enlightenment.org/D12081
parent
279cc45132
commit
5af8301bad
|
@ -1203,10 +1203,8 @@ declloc(int fstatic)
|
||||||
if (numdim > 0 && dim[numdim - 1] == 0)
|
if (numdim > 0 && dim[numdim - 1] == 0)
|
||||||
error(52); /* only last dimension may be variable length */
|
error(52); /* only last dimension may be variable length */
|
||||||
size = needsub(&idxtag[numdim]); /* get size; size==0 for "var[]" */
|
size = needsub(&idxtag[numdim]); /* get size; size==0 for "var[]" */
|
||||||
#if INT_MAX < CELL_MAX
|
if ((unsigned long long)size * sizeof(cell) > MIN(INT_MAX, CELL_MAX))
|
||||||
if (size > INT_MAX)
|
|
||||||
error(105); /* overflow, exceeding capacity */
|
error(105); /* overflow, exceeding capacity */
|
||||||
#endif
|
|
||||||
dim[numdim++] = (int)size;
|
dim[numdim++] = (int)size;
|
||||||
} /* while */
|
} /* while */
|
||||||
if (ident == iARRAY || fstatic)
|
if (ident == iARRAY || fstatic)
|
||||||
|
@ -1237,6 +1235,9 @@ declloc(int fstatic)
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
if (((unsigned long long)declared + (unsigned long long)size) * sizeof(cell) >
|
||||||
|
MIN(INT_MAX, CELL_MAX))
|
||||||
|
error(105);
|
||||||
declared += (int)size; /* variables are put on stack,
|
declared += (int)size; /* variables are put on stack,
|
||||||
* adjust "declared" */
|
* adjust "declared" */
|
||||||
sym =
|
sym =
|
||||||
|
|
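Review bot: The bound added inside the `while` loop of declloc() is applied to each dimension on its own, so a declaration with several dimensions that each satisfy `size * sizeof(cell) <= MIN(INT_MAX, CELL_MAX)` can still have a product of dimensions that exceeds it. Whether the later `declared + size` check catches this depends on how `size` is recomputed between the two hunks, which is not visible here. If it is not the total cell count, the loop should also bound the running product with a division-form guard such as `if (size != 0 && total > MIN(INT_MAX, CELL_MAX) / sizeof(cell) / (unsigned long long)size) error(105);` before `dim[numdim++] = (int)size;`. The second check also sits only in the `else` branch, so the `ident == iARRAY || fstatic` path appears to rely on the per-dimension bound alone, and `declared += (int)size;` still runs after `error(105)` unless that error is fatal; both are worth confirming. declloc() starts and ends outside both hunks.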