diff options
| author | Father Chrysostomos <sprout@cpan.org> | 2013-08-24 19:09:59 -0700 |
|---|---|---|
| committer | Father Chrysostomos <sprout@cpan.org> | 2013-08-25 06:39:28 -0700 |
| commit | fc16c3924bd6aa054f21ad5445fecf9b7f39dc36 (patch) | |
| tree | a0ac4568d977ef5c9e125c7bae9e6de466d48146 /av.c | |
| parent | e8eb279cb8d8b30256eb8b1957e1dabed28fc4eb (diff) | |
| download | perl-fc16c3924bd6aa054f21ad5445fecf9b7f39dc36.tar.gz | |
Use SSize_t when extending the stack
(I am referring to what is usually known simply as The Stack.)
This partially fixes #119161.
By casting the argument to int, we can end up truncating/wrapping
it on 64-bit systems, so EXTEND(SP, 2147483648) translates into
EXTEND(SP, -1), which does not extend the stack at all. Then writing
to the stack in code like ()=1..1000000000000 goes past the end of
allocated memory and crashes.
I can’t really write a test for this, since instead of crashing it
will use more memory than I have available (and then I’ll start for-
getting things).
Diffstat (limited to 'av.c')
| -rw-r--r-- | av.c | 8 |
1 files changed, 4 insertions, 4 deletions
@@ -63,7 +63,7 @@ extended. */ void -Perl_av_extend(pTHX_ AV *av, I32 key) +Perl_av_extend(pTHX_ AV *av, SSize_t key) { dVAR; MAGIC *mg; @@ -84,7 +84,7 @@ Perl_av_extend(pTHX_ AV *av, I32 key) /* The guts of av_extend. *Not* for general use! */ void -Perl_av_extend_guts(pTHX_ AV *av, I32 key, SSize_t *maxp, SV ***allocp, +Perl_av_extend_guts(pTHX_ AV *av, SSize_t key, SSize_t *maxp, SV ***allocp, SV ***arrayp) { dVAR; @@ -93,8 +93,8 @@ Perl_av_extend_guts(pTHX_ AV *av, I32 key, SSize_t *maxp, SV ***allocp, if (key > *maxp) { SV** ary; - I32 tmp; - I32 newmax; + SSize_t tmp; + SSize_t newmax; if (av && *allocp != *arrayp) { ary = *allocp + AvFILLp(av) + 1; |