* sprintf.c (rb_str_format): integer overflow check added.

* sprintf.c (GETASTER): ditto. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@9653 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
author: matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2005-12-07 06:36:38 +0000
committer: matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2005-12-07 06:36:38 +0000
commit: d5e02a7081cef509b3ca0796ba8d624fa039b173 (patch)
tree: fdf0a518fac580ed0282df8472368963c19c147f
parent: 9b85df19a16c1a5fd99316e385c7c2a7b621fdf0 (diff)
2 files changed, 12 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 1f881c4b0c..ab35e19398 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+Wed Dec  7 15:31:35 2005  Yukihiro Matsumoto  <matz@ruby-lang.org>
+
+	* sprintf.c (rb_str_format): integer overflow check added.
+
+	* sprintf.c (GETASTER): ditto.
+
 Wed Dec  7 01:02:04 2005  Hidetoshi NAGAI  <nagai@ai.kyutech.ac.jp>
 
 	* ext/tk/README.macosx-aqua: [new document] tips to avoid the known
diff --git a/sprintf.c b/sprintf.c
index dabdc93e7e..eddb7c33ca 100644
--- a/sprintf.c
+++ b/sprintf.c
@@ -113,6 +113,9 @@ sign_bits(base, p)
     t = p++; \
     n = 0; \
     for (; p < end && ISDIGIT(*p); p++) { \
+	if ((n*10) / 10 != n) { \
+	    rb_raise(rb_eArgError, #val " too big"); \
+	} \
 	n = 10 * n + (*p - '0'); \
     } \
     if (p >= end) { \
@@ -309,6 +312,9 @@ rb_f_sprintf(argc, argv)
 	  case '5': case '6': case '7': case '8': case '9':
 	    n = 0;
 	    for (; p < end && ISDIGIT(*p); p++) {
+		if ((n*10) / 10 != n) {
+		    rb_raise(rb_eArgError, "width too big");
+		}
 		n = 10 * n + (*p - '0');
 	    }
 	    if (p >= end) {
author	matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2005-12-07 06:36:38 +0000
committer	matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2005-12-07 06:36:38 +0000
commit	d5e02a7081cef509b3ca0796ba8d624fa039b173 (patch)
tree	fdf0a518fac580ed0282df8472368963c19c147f
parent	9b85df19a16c1a5fd99316e385c7c2a7b621fdf0 (diff)