Branch: Tag:

2008-05-21

2008-05-21 21:13:04 by Martin Stjernholm <mast@lysator.liu.se>

Fixed buffer overrun that could occur when concatenating large integers and
floats into strings using `+ on 64 bit architectures.

Rev: src/operators.c:1.170

2:   || This file is part of Pike. For copyright information see COPYRIGHT.   || Pike is distributed under GPL, LGPL and MPL. See the file COPYING   || for more information. - || $Id: operators.c,v 1.169 2008/01/24 17:48:17 mast Exp $ + || $Id: operators.c,v 1.170 2008/05/21 21:13:04 mast Exp $   */      #include "global.h"   #include <math.h> - RCSID("$Id: operators.c,v 1.169 2008/01/24 17:48:17 mast Exp $"); + RCSID("$Id: operators.c,v 1.170 2008/05/21 21:13:04 mast Exp $");   #include "interpret.h"   #include "svalue.h"   #include "multiset.h"
395:    break;       case T_INT: -  size+=14; +  size += (4 + (SIZEOF_INT_TYPE * 5 + 1) / 2);    break;       case T_FLOAT: -  size+=22; +  size += (12 + (SIZEOF_FLOAT_TYPE * 5 + 1) / 2);    break;    }    }