summaryrefslogtreecommitdiff
path: root/compile.c
diff options
context:
space:
mode:
authornobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2014-07-26 10:06:49 +0000
committernobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2014-07-26 10:06:49 +0000
commit61fd9777984b8be47ed95c234e1357a19c6c4980 (patch)
treef9f945088aeb3dc3baa724510751bf86cb0a5ff0 /compile.c
parent39fd13bc5ce67a013d54eab99a4783a6cb539ba5 (diff)
compile.c: check size
* compile.c (compile_data_alloc): check allocation size and integer overflow. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@46960 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'compile.c')
-rw-r--r--compile.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/compile.c b/compile.c
index f9bd9a5..903ff79 100644
--- a/compile.c
+++ b/compile.c
@@ -595,13 +595,13 @@ compile_data_alloc(rb_iseq_t *iseq, size_t size)
struct iseq_compile_data_storage *storage =
iseq->compile_data->storage_current;
+ if (size >= INT_MAX) rb_memerror();
if (storage->pos + size > storage->size) {
- unsigned long alloc_size = storage->size * 2;
+ unsigned int alloc_size = storage->size;
- retry:
- if (alloc_size < size) {
+ while (alloc_size < size) {
+ if (alloc_size >= INT_MAX / 2) rb_memerror();
alloc_size *= 2;
- goto retry;
}
storage->next = (void *)ALLOC_N(char, alloc_size +
SIZEOF_ISEQ_COMPILE_DATA_STORAGE);