pike.git/
src/
encode.c
Branch:
Tag:
Non-build tags
All tags
No tags
2014-03-12
2014-03-12 15:04:18 by Arne Goedeke <el@laramies.com>
948bdba5c1d2590709a6d9d6f6e3bb7970e47713 (
13
lines) (+
7
/-
6
)
[
Show
|
Annotate
]
Branch:
8.0
decode_value: avoid using decoded integers operations that overflow
2286:
} while(0); #define getdata2(S,L) do { \
-
if(
data->ptr + (ptrdiff_t)(
sizeof(S[0])*(L)
)
> data->len) \
+
if(sizeof(S[0])*(L) >
(size_t)(
data->len
- data->ptr
)
)
\
decode_error(data, NULL, "String range error.\n"); \ MEMCPY((S),(data->data + data->ptr), sizeof(S[0])*(L)); \ data->ptr+=sizeof(S[0])*(L); \
2901:
"Failed to decode array (array size is negative).\n"); /* Heruetical */
-
if(
data->ptr +
num > data->len)
+
if(
num >
data->
len
-
data->
ptr
)
decode_error(data, NULL, "Failed to decode array (not enough data).\n"); EDB(2,fprintf(stderr, "%*sDecoding array of size %d to <%d>\n",
2930:
"(mapping size is negative).\n"); /* Heuristical */
-
if(
data->ptr +
num > data->len)
+
if(
num >
data->
len
-
data->
ptr
)
decode_error(data, NULL, "Failed to decode mapping " "(not enough data).\n");
2960:
"(multiset size is negative).\n"); /* Heruetical */
-
if(
data->ptr +
num > data->len)
+
if(
num >
data->
len
-
data->
ptr
)
decode_error(data, NULL, "Failed to decode multiset " "(not enough data).\n");
4151:
#endif /* PIKE_USE_MACHINE_CODE */ /* Decode program */
-
if (
data->ptr + (int)
local_num_program >= data->len) {
+
if (local_num_program >=
(size_t)(
data->len
- data->ptr
)
)
{
decode_error(data, NULL, "Failed to decode program (string too short).\n"); }
4175:
make_program_executable(p); /* Decode linenumbers */
-
if (
data->ptr + (int)
local_num_linenumbers >= data->len) {
+
if (local_num_linenumbers >=
(size_t)(
data->len
- data->ptr
)
)
{
decode_error(data, NULL, "Failed to decode linenumbers " "(string too short).\n"); }