summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSpider Boardman <spider@orb.nashua.nh.us>1999-07-22 15:58:34 -0400
committerJarkko Hietaniemi <jhi@iki.fi>1999-07-23 08:03:36 +0000
commitc1f7b11a6702e2397d89f7692c76fed567098176 (patch)
tree99cd25f5cf0395c78bfe5083a22b286f2fd396f0
parentc3fed81c293d2d16f60a54846674e373def5edfa (diff)
downloadperl-c1f7b11a6702e2397d89f7692c76fed567098176.tar.gz
Avoid core dumps resulting from humongous array indices
(an out of memory error will result instead) To: perl5-porters@perl.org Subject: [PATCH] Re: [ID 19990715.003] [BUG] all perl5 versions: segfault on $# Message-Id: <199907222358.TAA27354@Orb.Nashua.NH.US> p4raw-id: //depot/cfgperl@3724
-rw-r--r--av.c18
1 files changed, 10 insertions, 8 deletions
diff --git a/av.c b/av.c
index 8dabb7b6b0..509b8972e5 100644
--- a/av.c
+++ b/av.c
@@ -91,7 +91,8 @@ Perl_av_extend(pTHX_ AV *av, I32 key)
else {
if (AvALLOC(av)) {
#ifndef STRANGE_MALLOC
- U32 bytes;
+ MEM_SIZE bytes;
+ IV itmp;
#endif
#if defined(MYMALLOC) && !defined(PURIFY) && !defined(LEAKTEST)
@@ -107,13 +108,14 @@ Perl_av_extend(pTHX_ AV *av, I32 key)
#else
bytes = (newmax + 1) * sizeof(SV*);
#define MALLOC_OVERHEAD 16
- tmp = MALLOC_OVERHEAD;
- while (tmp - MALLOC_OVERHEAD < bytes)
- tmp += tmp;
- tmp -= MALLOC_OVERHEAD;
- tmp /= sizeof(SV*);
- assert(tmp > newmax);
- newmax = tmp - 1;
+ itmp = MALLOC_OVERHEAD;
+ while (itmp - MALLOC_OVERHEAD < bytes)
+ itmp += itmp;
+ itmp -= MALLOC_OVERHEAD;
+ itmp /= sizeof(SV*);
+ assert(itmp > newmax);
+ newmax = itmp - 1;
+ assert(newmax >= AvMAX(av));
New(2,ary, newmax+1, SV*);
Copy(AvALLOC(av), ary, AvMAX(av)+1, SV*);
if (AvMAX(av) > 64)