Add overflow check to EXPECT_NUMBER() used by sv_vcatpvfn().

sprintf() or printf() will now croak if any of the indexes and widths specified in the format string are too large. p4raw-id: //depot/perl@26339
author: Gisle Aas <gisle@activestate.com> 2005-12-13 11:40:26 +0000
committer: Gisle Aas <gisle@activestate.com> 2005-12-13 11:40:26 +0000
commit: 2fba7546fa1f0066c10642fd9ad4e4666d407d02 (patch)
tree: b431c29241dabf573e42c389f334a3bdf9784669 /sv.c
parent: a9b610e983e597edf8d9f9d6eeb62f1e3a3db482 (diff)
download: perl-2fba7546fa1f0066c10642fd9ad4e4666d407d02.tar.gz
1 files changed, 7 insertions, 2 deletions
diff --git a/sv.c b/sv.c
index e0165d4bd3..83d6ab15f8 100644
--- a/sv.c
+++ b/sv.c
@@ -7634,8 +7634,13 @@ S_expect_number(pTHX_ char** pattern)
     case '1': case '2': case '3':
     case '4': case '5': case '6':
     case '7': case '8': case '9':
-	while (isDIGIT(**pattern))
-	    var = var * 10 + (*(*pattern)++ - '0');
+	var = *(*pattern)++ - '0';
+	while (isDIGIT(**pattern)) {
+	    I32 tmp = var * 10 + (*(*pattern)++ - '0');
+	    if (tmp < var)
+		Perl_croak(aTHX_ "Integer overflow in format string for %s", (PL_op ? OP_NAME(PL_op) : "sv_vcatpvfn"));
+	    var = tmp;
+	}
     }
     return var;
 }
author	Gisle Aas <gisle@activestate.com>	2005-12-13 11:40:26 +0000
committer	Gisle Aas <gisle@activestate.com>	2005-12-13 11:40:26 +0000
commit	2fba7546fa1f0066c10642fd9ad4e4666d407d02 (patch)
tree	b431c29241dabf573e42c389f334a3bdf9784669 /sv.c
parent	a9b610e983e597edf8d9f9d6eeb62f1e3a3db482 (diff)
download	perl-2fba7546fa1f0066c10642fd9ad4e4666d407d02.tar.gz