author | Roberto Ierusalimschy <roberto@inf.puc-rio.br> | 2013-06-20 12:06:51 -0300 |
---|---|---|
committer | Roberto Ierusalimschy <roberto@inf.puc-rio.br> | 2013-06-20 12:06:51 -0300 |
commit | 7c4cc505dbf67f9a0c09583588c9697d9f239a07 (patch) | |
tree | cd928a9bb143790ee9a327c139ddcccf96426091 | |
parent | 453450d68751f74f0fab44bd96725a5606d2d9a1 (diff) | |
download | lua-github-7c4cc505dbf67f9a0c09583588c9697d9f239a07.tar.gz |
added "reasonable" limit for 'string.rep' (otherwise it is too easy
to crash the machine)
-rw-r--r-- | lstrlib.c | 11 |
1 files changed, 8 insertions, 3 deletions
@@ -1,11 +1,12 @@
 /*
-** $Id: lstrlib.c,v 1.180 2013/06/07 14:51:10 roberto Exp roberto $
+** $Id: lstrlib.c,v 1.181 2013/06/19 14:29:01 roberto Exp roberto $
 ** Standard library for string operations and pattern-matching
 ** See Copyright Notice in lua.h
 */
 #include <ctype.h>
+#include <limits.h>
 #include <stddef.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -102,8 +103,12 @@ static int str_upper (lua_State *L) {
 }
-/* reasonable limit to avoid arithmetic overflow */
-#define MAXSIZE ((~(size_t)0) >> 1)
+/* reasonable limit to avoid arithmetic overflow and strings too big */
+#if INT_MAX / 2 <= 0x10000000
+#define MAXSIZE ((size_t)(INT_MAX / 2))
+#else
+#define MAXSIZE ((size_t)0x10000000)
+#endif
 static int str_rep (lua_State *L) {
 size_t l, lsep; |
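Review bot: The constant `0x10000000` in the new `MAXSIZE` block of the second hunk is an unexplained magic number that an embedder cannot tune, and the comment does not say what it bounds. I would document it, e.g. `/* 0x10000000 = 256 MiB; caps the size of one result string, not total memory */`, and wrap the block in `#if !defined(MAXSIZE)` … `#endif` so a host that runs untrusted scripts can set a lower cap at build time. The check that uses MAXSIZE is in str_rep, whose body lies outside this hunk, so presumably the limit applies to a single call only. Repeated calls could then still exhaust memory, and a hard ceiling would have to come from the host's allocator.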