diff options
author | Spider Boardman <spider@orb.nashua.nh.us> | 1999-07-22 15:58:34 -0400 |
---|---|---|
committer | Jarkko Hietaniemi <jhi@iki.fi> | 1999-07-23 08:03:36 +0000 |
commit | c1f7b11a6702e2397d89f7692c76fed567098176 (patch) | |
tree | 99cd25f5cf0395c78bfe5083a22b286f2fd396f0 | |
parent | c3fed81c293d2d16f60a54846674e373def5edfa (diff) | |
download | perl-c1f7b11a6702e2397d89f7692c76fed567098176.tar.gz |
Avoid core dumps resulting from humongous array indices
(an out of memory error will result instead)
To: perl5-porters@perl.org
Subject: [PATCH] Re: [ID 19990715.003] [BUG] all perl5 versions: segfault on $#
Message-Id: <199907222358.TAA27354@Orb.Nashua.NH.US>
p4raw-id: //depot/cfgperl@3724
-rw-r--r-- | av.c | 18 |
1 files changed, 10 insertions, 8 deletions
@@ -91,7 +91,8 @@ Perl_av_extend(pTHX_ AV *av, I32 key) else { if (AvALLOC(av)) { #ifndef STRANGE_MALLOC - U32 bytes; + MEM_SIZE bytes; + IV itmp; #endif #if defined(MYMALLOC) && !defined(PURIFY) && !defined(LEAKTEST) @@ -107,13 +108,14 @@ Perl_av_extend(pTHX_ AV *av, I32 key) #else bytes = (newmax + 1) * sizeof(SV*); #define MALLOC_OVERHEAD 16 - tmp = MALLOC_OVERHEAD; - while (tmp - MALLOC_OVERHEAD < bytes) - tmp += tmp; - tmp -= MALLOC_OVERHEAD; - tmp /= sizeof(SV*); - assert(tmp > newmax); - newmax = tmp - 1; + itmp = MALLOC_OVERHEAD; + while (itmp - MALLOC_OVERHEAD < bytes) + itmp += itmp; + itmp -= MALLOC_OVERHEAD; + itmp /= sizeof(SV*); + assert(itmp > newmax); + newmax = itmp - 1; + assert(newmax >= AvMAX(av)); New(2,ary, newmax+1, SV*); Copy(AvALLOC(av), ary, AvMAX(av)+1, SV*); if (AvMAX(av) > 64) |