ruby.h: check integer overflow
* include/ruby/ruby.h (ALLOCV_N): check integer overflow, as well as ruby_xmalloc2. pointed out by Paul <pawlkt AT gmail.com>. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51533 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
parent
0a8a321558
commit
471e3a3016
@ -1,3 +1,8 @@
|
|||||||
|
Tue Aug 11 15:22:31 2015 Nobuyoshi Nakada <nobu@ruby-lang.org>
|
||||||
|
|
||||||
|
* include/ruby/ruby.h (ALLOCV_N): check integer overflow, as well
|
||||||
|
as ruby_xmalloc2. pointed out by Paul <pawlkt AT gmail.com>.
|
||||||
|
|
||||||
Tue Aug 11 14:57:09 2015 Nobuyoshi Nakada <nobu@ruby-lang.org>
|
Tue Aug 11 14:57:09 2015 Nobuyoshi Nakada <nobu@ruby-lang.org>
|
||||||
|
|
||||||
* array.c (rb_ary_repeated_permutation): fix buffer size, ALLOCV_N
|
* array.c (rb_ary_repeated_permutation): fix buffer size, ALLOCV_N
|
||||||
|
14
gc.c
14
gc.c
@ -7649,16 +7649,16 @@ ruby_xmalloc(size_t size)
|
|||||||
return objspace_xmalloc(&rb_objspace, size);
|
return objspace_xmalloc(&rb_objspace, size);
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline size_t
|
void
|
||||||
xmalloc2_size(size_t n, size_t size)
|
ruby_malloc_size_overflow(size_t count, size_t elsize)
|
||||||
{
|
{
|
||||||
size_t len = size * n;
|
rb_raise(rb_eArgError,
|
||||||
if (n != 0 && size != len / n) {
|
"malloc: possible integer overflow (%"PRIdSIZE"*%"PRIdSIZE")",
|
||||||
rb_raise(rb_eArgError, "malloc: possible integer overflow");
|
count, elsize);
|
||||||
}
|
|
||||||
return len;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#define xmalloc2_size ruby_xmalloc2_size
|
||||||
|
|
||||||
void *
|
void *
|
||||||
ruby_xmalloc2(size_t n, size_t size)
|
ruby_xmalloc2(size_t n, size_t size)
|
||||||
{
|
{
|
||||||
|
@ -1431,14 +1431,31 @@ rb_num2char_inline(VALUE x)
|
|||||||
|
|
||||||
void *rb_alloc_tmp_buffer(volatile VALUE *store, long len) RUBY_ATTR_ALLOC_SIZE((2));
|
void *rb_alloc_tmp_buffer(volatile VALUE *store, long len) RUBY_ATTR_ALLOC_SIZE((2));
|
||||||
void rb_free_tmp_buffer(volatile VALUE *store);
|
void rb_free_tmp_buffer(volatile VALUE *store);
|
||||||
|
NORETURN(void ruby_malloc_size_overflow(size_t, size_t));
|
||||||
|
static inline size_t
|
||||||
|
ruby_xmalloc2_size(const size_t count, const size_t elsize)
|
||||||
|
{
|
||||||
|
if (count > SIZE_MAX / elsize) {
|
||||||
|
ruby_malloc_size_overflow(count, elsize);
|
||||||
|
}
|
||||||
|
return count * elsize;
|
||||||
|
}
|
||||||
/* allocates _n_ bytes temporary buffer and stores VALUE including it
|
/* allocates _n_ bytes temporary buffer and stores VALUE including it
|
||||||
* in _v_. _n_ may be evaluated twice. */
|
* in _v_. _n_ may be evaluated twice. */
|
||||||
#ifdef C_ALLOCA
|
#ifdef C_ALLOCA
|
||||||
# define ALLOCV(v, n) rb_alloc_tmp_buffer(&(v), (n))
|
# define ALLOCV(v, n) rb_alloc_tmp_buffer(&(v), (n))
|
||||||
|
# define ALLOCV_N(type, v, n) \
|
||||||
|
((type*)ALLOCV((v), ruby_xmalloc2_size((n), sizeof(type))))
|
||||||
#else
|
#else
|
||||||
# define ALLOCV(v, n) ((n) < 1024 ? (RB_GC_GUARD(v) = 0, alloca(n)) : rb_alloc_tmp_buffer(&(v), (n)))
|
# define ALLOCV_LIMIT 1024
|
||||||
|
# define ALLOCV(v, n) ((n) < ALLOCV_LIMIT ? \
|
||||||
|
(RB_GC_GUARD(v) = 0, alloca(n)) : \
|
||||||
|
rb_alloc_tmp_buffer(&(v), (n)))
|
||||||
|
# define ALLOCV_N(type, v, n) \
|
||||||
|
((type*)(ruby_xmalloc2_size((n), sizeof(type)) < ALLOCV_LIMIT ? \
|
||||||
|
(RB_GC_GUARD(v) = 0, alloca((n) * sizeof(type))) : \
|
||||||
|
rb_alloc_tmp_buffer(&(v), (n) * sizeof(type))))
|
||||||
#endif
|
#endif
|
||||||
#define ALLOCV_N(type, v, n) ((type*)ALLOCV((v), sizeof(type)*(n)))
|
|
||||||
#define ALLOCV_END(v) rb_free_tmp_buffer(&(v))
|
#define ALLOCV_END(v) rb_free_tmp_buffer(&(v))
|
||||||
|
|
||||||
#define MEMZERO(p,type,n) memset((p), 0, sizeof(type)*(n))
|
#define MEMZERO(p,type,n) memset((p), 0, sizeof(type)*(n))
|
||||||
|
Loading…
x
Reference in New Issue
Block a user