variable.c: check index overflow

* variable.c (rb_ivar_set), vm_insnhelper.c (vm_setivar): check instance variable index overflow. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@47512 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
author: nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2014-09-10 08:05:12 +0000
committer: nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2014-09-10 08:05:12 +0000
commit: ddf6eb40c725434fec5341e73777a0d59e135287 (patch)
tree: a6ae297022915ed0f0419c93f9a9a729687b1117
parent: 6a6362d633b7ef086523dacdd16f132739ad1d75 (diff)
2 files changed, 5 insertions, 1 deletions
diff --git a/variable.c b/variable.c
index 0f6fba032d..f2c582c915 100644
--- a/variable.c
+++ b/variable.c
@@ -1153,6 +1153,7 @@ rb_ivar_set(VALUE obj, ID id, VALUE val)
         ivar_extended = 0;
         if (!st_lookup(iv_index_tbl, (st_data_t)id, &index)) {
             index = iv_index_tbl->num_entries;
+	    if (index >= INT_MAX) rb_raise(rb_eArgError, "too many instance variables");
             st_add_direct(iv_index_tbl, (st_data_t)id, index);
             ivar_extended = 1;
         }
diff --git a/vm_insnhelper.c b/vm_insnhelper.c
index c9ec803630..05ed3c62aa 100644
--- a/vm_insnhelper.c
+++ b/vm_insnhelper.c
@@ -570,8 +570,11 @@ vm_setivar(VALUE obj, ID id, VALUE val, IC ic, rb_call_info_t *ci, int is_attr)
 		    ic->ic_value.index = index;
 		    ic->ic_serial = RCLASS_SERIAL(klass);
 		}
+		else if (index >= INT_MAX) {
+		    rb_raise(rb_eArgError, "too many instance variables");
+		}
 		else {
-		    ci->aux.index = index + 1;
+		    ci->aux.index = (int)(index + 1);
 		}
 	    }
 	    /* fall through */
author	nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2014-09-10 08:05:12 +0000
committer	nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2014-09-10 08:05:12 +0000
commit	ddf6eb40c725434fec5341e73777a0d59e135287 (patch)
tree	a6ae297022915ed0f0419c93f9a9a729687b1117
parent	6a6362d633b7ef086523dacdd16f132739ad1d75 (diff)