diff options
author | Andy Wingo <wingo@pobox.com> | 2019-08-02 14:37:55 +0200 |
---|---|---|
committer | Andy Wingo <wingo@pobox.com> | 2019-08-02 14:57:29 +0200 |
commit | afb2c9624884b6705b760a80ecfd823b27d828d5 (patch) | |
tree | 8103dd672191f3effc607c1b1eae4b91ac8c11fb /libguile/bytevectors.c | |
parent | 6a102205dac876edb793572f37833adaa1221e80 (diff) | |
parent | 91ba73b397fcc2a36ae7e434522a924c7a8887d0 (diff) | |
download | guile-afb2c9624884b6705b760a80ecfd823b27d828d5.tar.gz |
Merge from stable-2.2
Diffstat (limited to 'libguile/bytevectors.c')
-rw-r--r-- | libguile/bytevectors.c | 27 |
1 files changed, 18 insertions, 9 deletions
diff --git a/libguile/bytevectors.c b/libguile/bytevectors.c index b4dc2ea04..7dfdab499 100644 --- a/libguile/bytevectors.c +++ b/libguile/bytevectors.c @@ -93,7 +93,8 @@ c_len = SCM_BYTEVECTOR_LENGTH (bv); \ c_bv = (_sign char *) SCM_BYTEVECTOR_CONTENTS (bv); \ \ - if (SCM_UNLIKELY (c_index + ((_len) >> 3UL) - 1 >= c_len)) \ + if (SCM_UNLIKELY (c_len < c_index \ + || (c_len - c_index < (_len) / 8))) \ scm_out_of_range (FUNC_NAME, index); #define INTEGER_GETTER_PROLOGUE(_len, _sign) \ @@ -215,12 +216,17 @@ make_bytevector (size_t len, scm_t_array_element_type element_type) size_t c_len; if (SCM_UNLIKELY (element_type > SCM_ARRAY_ELEMENT_TYPE_LAST - || scm_i_array_element_type_sizes[element_type] < 8 - || len >= (((size_t) -1) - / (scm_i_array_element_type_sizes[element_type]/8)))) + || scm_i_array_element_type_sizes[element_type] < 8)) /* This would be an internal Guile programming error */ abort (); + /* Make sure that the total allocation size will not overflow size_t, + with ~30 extra bytes to spare to avoid an overflow within the + allocator. */ + if (SCM_UNLIKELY (len >= (((size_t) -(SCM_BYTEVECTOR_HEADER_BYTES + 32)) + / (scm_i_array_element_type_sizes[element_type]/8)))) + scm_num_overflow ("make-bytevector"); + if (SCM_UNLIKELY (len == 0 && element_type == SCM_ARRAY_ELEMENT_TYPE_VU8 && SCM_BYTEVECTOR_P (scm_null_bytevector))) ret = scm_null_bytevector; @@ -261,7 +267,7 @@ make_bytevector_from_buffer (size_t len, void *contents, size_t c_len; ret = SCM_PACK_POINTER (scm_gc_malloc (SCM_BYTEVECTOR_HEADER_BYTES, - SCM_GC_BYTEVECTOR)); + SCM_GC_BYTEVECTOR)); c_len = len * (scm_i_array_element_type_sizes[element_type] / 8); @@ -519,7 +525,7 @@ SCM_DEFINE (scm_bytevector_length, "bytevector-length", 1, 0, 0, "Return the length (in bytes) of @var{bv}.") #define FUNC_NAME s_scm_bytevector_length { - return scm_from_uint (scm_c_bytevector_length (bv)); + return scm_from_size_t (scm_c_bytevector_length (bv)); } #undef FUNC_NAME @@ -604,9 +610,11 @@ SCM_DEFINE (scm_bytevector_copy_x, "bytevector-copy!", 5, 0, 0, c_source_len = SCM_BYTEVECTOR_LENGTH (source); c_target_len = SCM_BYTEVECTOR_LENGTH (target); - if (SCM_UNLIKELY (c_source_start + c_len > c_source_len)) + if (SCM_UNLIKELY (c_source_len < c_source_start + || (c_source_len - c_source_start < c_len))) scm_out_of_range (FUNC_NAME, source_start); - if (SCM_UNLIKELY (c_target_start + c_len > c_target_len)) + if (SCM_UNLIKELY (c_target_len < c_target_start + || (c_target_len - c_target_start < c_len))) scm_out_of_range (FUNC_NAME, target_start); memmove (c_target + c_target_start, @@ -924,7 +932,8 @@ bytevector_large_set (char *c_bv, size_t c_size, int signed_p, size_t. */ \ if (SCM_UNLIKELY (c_size == 0 || c_size >= (SIZE_MAX >> 3))) \ scm_out_of_range (FUNC_NAME, size); \ - if (SCM_UNLIKELY (c_index + c_size > c_len)) \ + if (SCM_UNLIKELY (c_len < c_index \ + || (c_len - c_index < c_size))) \ scm_out_of_range (FUNC_NAME, index); #define GENERIC_INTEGER_GETTER_PROLOGUE(_sign) \ |