added "reasonable" limit for 'string.rep' (otherwise it is too easy

to crash the machine)
author: Roberto Ierusalimschy <roberto@inf.puc-rio.br> 2013-06-20 12:06:51 -0300
committer: Roberto Ierusalimschy <roberto@inf.puc-rio.br> 2013-06-20 12:06:51 -0300
commit: 7c4cc505dbf67f9a0c09583588c9697d9f239a07 (patch)
tree: cd928a9bb143790ee9a327c139ddcccf96426091
parent: 453450d68751f74f0fab44bd96725a5606d2d9a1 (diff)
download: lua-github-7c4cc505dbf67f9a0c09583588c9697d9f239a07.tar.gz
1 files changed, 8 insertions, 3 deletions
diff --git a/lstrlib.c b/lstrlib.c
index cb27492c..8ca34691 100644
--- a/lstrlib.c
+++ b/lstrlib.c
@@ -1,11 +1,12 @@
 /*
-** $Id: lstrlib.c,v 1.180 2013/06/07 14:51:10 roberto Exp roberto $
+** $Id: lstrlib.c,v 1.181 2013/06/19 14:29:01 roberto Exp roberto $
 ** Standard library for string operations and pattern-matching
 ** See Copyright Notice in lua.h
 */
 
 
 #include <ctype.h>
+#include <limits.h>
 #include <stddef.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -102,8 +103,12 @@ static int str_upper (lua_State *L) {
 }
 
 
-/* reasonable limit to avoid arithmetic overflow */
-#define MAXSIZE		((~(size_t)0) >> 1)
+/* reasonable limit to avoid arithmetic overflow and strings too big */
+#if INT_MAX / 2 <= 0x10000000
+#define MAXSIZE		((size_t)(INT_MAX / 2))
+#else
+#define MAXSIZE		((size_t)0x10000000)
+#endif
 
 static int str_rep (lua_State *L) {
   size_t l, lsep;
author	Roberto Ierusalimschy <roberto@inf.puc-rio.br>	2013-06-20 12:06:51 -0300
committer	Roberto Ierusalimschy <roberto@inf.puc-rio.br>	2013-06-20 12:06:51 -0300
commit	7c4cc505dbf67f9a0c09583588c9697d9f239a07 (patch)
tree	cd928a9bb143790ee9a327c139ddcccf96426091
parent	453450d68751f74f0fab44bd96725a5606d2d9a1 (diff)
download	lua-github-7c4cc505dbf67f9a0c09583588c9697d9f239a07.tar.gz