From 61fd9777984b8be47ed95c234e1357a19c6c4980 Mon Sep 17 00:00:00 2001
From: nobu
Date: Sat, 26 Jul 2014 10:06:49 +0000
Subject: compile.c: check size
* compile.c (compile_data_alloc): check allocation size and integer overflow.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@46960 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 compile.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
(limited to 'compile.c')
diff --git a/compile.c b/compile.c
index f9bd9a531e..903ff79d46 100644
--- a/compile.c
+++ b/compile.c
@@ -595,13 +595,13 @@ compile_data_alloc(rb_iseq_t *iseq, size_t size)
 struct iseq_compile_data_storage *storage = iseq->compile_data->storage_current;
+ if (size >= INT_MAX) rb_memerror();
 if (storage->pos + size > storage->size) {
- unsigned long alloc_size = storage->size * 2;
+ unsigned int alloc_size = storage->size;
- retry:
- if (alloc_size < size) {
+ while (alloc_size < size) {
+ if (alloc_size >= INT_MAX / 2) rb_memerror();
 alloc_size *= 2;
- goto retry;
 }
 storage->next = (void *)ALLOC_N(char, alloc_size + SIZEOF_ISEQ_COMPILE_DATA_STORAGE);
-- cgit v1.2.3
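Review bot: The new `while (alloc_size < size)` loop terminates only if `storage->size` is nonzero: with `alloc_size == 0` the `INT_MAX / 2` guard never fires and `alloc_size *= 2` stays 0, so the loop would spin. The declaration and initial value of `storage->size` are not visible in this hunk, so this may be unreachable in practice, but a guard such as `if (alloc_size == 0) alloc_size = 1;` before the loop would make the invariant explicit. The initialisation `unsigned int alloc_size = storage->size;` also narrows silently if that field is wider than `unsigned int`. A short comment saying why `INT_MAX` (rather than the `size_t` range) is the bound, and which field widths it protects, would help the next reader. The body of compile_data_alloc starts before and continues after the hunk.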