diff options
author | David Mitchell <davem@iabyn.com> | 2017-05-08 21:06:38 +0100 |
---|---|---|
committer | Steve Hay <steve.m.hay@googlemail.com> | 2017-08-29 08:14:31 +0100 |
commit | 661017e03ef252c7156aa4ac31e9069187fcc12c (patch) | |
tree | 732e20aec5aa8aceaa3635d7beda5918d9f61189 | |
parent | 7fd57da23ca822d3ac68a1e34b882cc9c594aaf5 (diff) | |
download | perl-661017e03ef252c7156aa4ac31e9069187fcc12c.tar.gz |
avoid a memory wrap in sv_vcatpvfn_flags()
RT #131260
When calculating the new size of PL_efloatbuf, avoid wrapping 'need'.
(cherry picked from commit ddb03b72f46eae3c278f28e8758e87b9c98c66a1)
-rw-r--r-- | sv.c | 14 |
1 files changed, 11 insertions, 3 deletions
@@ -12318,7 +12318,13 @@ Perl_sv_vcatpvfn_flags(pTHX_ SV *const sv, const char *const pat, const STRLEN p need = BIT_DIGITS(i); } /* if i < 0, the number of digits is hard to predict. */ } - need += has_precis ? precis : 6; /* known default */ + + { + STRLEN pr = has_precis ? precis : 6; /* known default */ + if (need >= ((STRLEN)~0) - pr) + croak_memory_wrap(); + need += pr; + } if (need < width) need = width; @@ -12389,10 +12395,12 @@ Perl_sv_vcatpvfn_flags(pTHX_ SV *const sv, const char *const pat, const STRLEN p #endif /* HAS_LDBL_SPRINTF_BUG */ - need += 20; /* fudge factor */ + if (need >= ((STRLEN)~0) - 40) + croak_memory_wrap(); + need += 40; /* fudge factor */ if (PL_efloatsize < need) { Safefree(PL_efloatbuf); - PL_efloatsize = need + 20; /* more fudge */ + PL_efloatsize = need; Newx(PL_efloatbuf, PL_efloatsize, char); PL_efloatbuf[0] = '\0'; } |