pike.git/ src/ operators.c

2011-03-03

2011-03-03 21:42:02 by Martin Stjernholm <mast@lysator.liu.se>

• 01834d976ed4f5593bea93acce0e58a5dc619647 (17 lines) (+15/-2) ^{[ Show | Annotate ]}
  Branch: 7.6

Fixed special cases when dividing the empty array with a number.

Looks like this could clobber memory a couple of elements past the end of
the empty array in the float case.

2:   || This file is part of Pike. For copyright information see COPYRIGHT.   || Pike is distributed under GPL, LGPL and MPL. See the file COPYING   || for more information. - || $Id: operators.c,v 1.193 2008/05/21 21:13:04 mast Exp $ + || $Id$   */      #include "global.h"   #include <math.h> - RCSID("$Id: operators.c,v 1.193 2008/05/21 21:13:04 mast Exp $"); + RCSID("$Id$");   #include "interpret.h"   #include "svalue.h"   #include "multiset.h"
3459:    if(!len)    OP_DIVISION_BY_ZERO_ERROR("`/");    +  if (!Pike_sp[-2].u.array->size) { +  pop_n_elems (2); +  ref_push_array (&empty_array); +  return; +  } +     if(len<0)    {    len = -len;
3493:    if(len==0.0)    OP_DIVISION_BY_ZERO_ERROR("`/");    +  if (!Pike_sp[-2].u.array->size) { +  pop_n_elems (2); +  ref_push_array (&empty_array); +  return; +  } +     if(len<0)    {    len=-len;