pike.git/ src/ operators.c

2008-05-21

2008-05-21 21:13:04 by Martin Stjernholm <mast@lysator.liu.se>

• 5429ad9b185cf2bdc4aa91bb2b3eada96834d674 (9 lines) (+5/-4) ^{[ Show | Annotate ]}
  Branch: 7.6

Fixed buffer overrun that could occur when concatenating large integers and
floats into strings using `+ on 64 bit architectures.

Rev: src/operators.c:1.193

2:   || This file is part of Pike. For copyright information see COPYRIGHT.   || Pike is distributed under GPL, LGPL and MPL. See the file COPYING   || for more information. - || $Id: operators.c,v 1.192 2008/01/24 17:48:18 mast Exp $ + || $Id: operators.c,v 1.193 2008/05/21 21:13:04 mast Exp $   */      #include "global.h"   #include <math.h> - RCSID("$Id: operators.c,v 1.192 2008/01/24 17:48:18 mast Exp $"); + RCSID("$Id: operators.c,v 1.193 2008/05/21 21:13:04 mast Exp $");   #include "interpret.h"   #include "svalue.h"   #include "multiset.h"
1382:    break;       case T_INT: -  size+=14; +  size += (4 + (SIZEOF_INT_TYPE * 5 + 1) / 2);    break;       case T_FLOAT: -  size+=22; +  size += (12 + (SIZEOF_FLOAT_TYPE * 5 + 1) / 2);    break;    }    }