From 7e0ae1698d4db0baec858a46de8d1ae875360cf5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=8D=9C=E9=83=A8=E6=98=8C=E5=B9=B3?=
 <shyouhei@ruby-lang.org>
Date: Mon, 7 Oct 2019 16:56:08 +0900
Subject: avoid overflow in integer multiplication

This changeset basically replaces `ruby_xmalloc(x * y)` into
`ruby_xmalloc2(x, y)`.  Some convenient functions are also
provided for instance `rb_xmalloc_mul_add(x, y, z)` which allocates
x * y + z byes.
---
 iseq.h | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'iseq.h')

diff --git a/iseq.h b/iseq.h
index 5d24b81601..ef0dd7176d 100644
--- a/iseq.h
+++ b/iseq.h
@@ -26,7 +26,9 @@ extern const ID rb_iseq_shared_exc_local_tbl[];
 static inline size_t
 rb_call_info_kw_arg_bytes(int keyword_len)
 {
-    return sizeof(struct rb_call_info_kw_arg) + sizeof(VALUE) * (keyword_len - 1);
+    return rb_size_mul_add_or_raise(
+        keyword_len - 1, sizeof(VALUE), sizeof(struct rb_call_info_kw_arg),
+        rb_eRuntimeError);
 }
 
 #define ISEQ_COVERAGE(iseq)           iseq->body->variable.coverage
@@ -67,7 +69,7 @@ static inline VALUE *
 ISEQ_ORIGINAL_ISEQ_ALLOC(const rb_iseq_t *iseq, long size)
 {
     return iseq->body->variable.original_iseq =
-        ruby_xmalloc2(size, sizeof(VALUE));
+        ALLOC_N(VALUE, size);
 }
 
 #define ISEQ_TRACE_EVENTS (RUBY_EVENT_LINE  | \
-- 
cgit v1.2.3