pike.git / src / encode.c


pike.git/src/encode.c:3386:
    debug_malloc_touch(p);

  #define FOO(NUMTYPE,TYPE,ARGTYPE,NAME) \
   decode_number( p->PIKE_CONCAT(num_,NAME), data);
  #include "program_areas.h"


   if(data->pass == 1)
   {
+  int overflow = 0;
+  size_t tmp = 0;
  #ifdef PIKE_USE_MACHINE_CODE
   /* We want our program to be in mexec-allocated memory... */
  #define BAR(NUMTYPE,TYPE,ARGTYPE,NAME)
  #endif /* PIKE_USE_MACHINE_CODE */
- #define FOO(NUMTYPE,TYPE,ARGTYPE,NAME) \
+ #define FOO(NUMTYPE,TYPE,ARGTYPE,NAME) \
+  if (size) { \
   size=DO_ALIGN(size, ALIGNOF(TYPE)); \
-  size+=p->PIKE_CONCAT(num_,NAME)*sizeof(p->NAME[0]);
+  overflow |= !size; \
+  } \
+  overflow |= DO_SIZE_T_MUL_OVERFLOW(sizeof(p->NAME[0]), p->PIKE_CONCAT(num_,NAME), &tmp)\
+  | DO_SIZE_T_ADD_OVERFLOW(size, tmp, &size);
  #include "program_areas.h"

-
+  if (overflow)
+  decode_error(data, NULL, "Program area sizes overflowed.\n");
+
   dat=xalloc(size);
   debug_malloc_touch(dat);
   MEMSET(dat,0,size);
   size=0;
  #ifdef PIKE_USE_MACHINE_CODE
   /* We want our program to be in mexec-allocated memory... */
  #define BAR(NUMTYPE,TYPE,ARGTYPE,NAME) \
-  p->NAME = (TYPE *)mexec_alloc(p->PIKE_CONCAT(num_, NAME) * \
-  sizeof(p->NAME[0]));
+  if (DO_SIZE_T_MUL_OVERFLOW(p->PIKE_CONCAT(num_, NAME), sizeof(p->NAME[0]), &tmp))\
+  decode_error(data, NULL, "Program area sizes overflowed.\n");\
+  p->NAME = (TYPE *)mexec_alloc(tmp);
  #endif /* PIKE_USE_MACHINE_CODE */
  #define FOO(NUMTYPE,TYPE,ARGTYPE,NAME) \
   size=DO_ALIGN(size, ALIGNOF(TYPE)); \
   p->NAME=(TYPE *)(dat+size); \
   size+=p->PIKE_CONCAT(num_,NAME)*sizeof(p->NAME[0]);
  #include "program_areas.h"

   for(e=0;e<p->num_constants;e++)
   mark_free_svalue (&p->constants[e].sval);
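Review bot: The `overflow |= !size;` test in the new size-computing `FOO` is only correct if `DO_ALIGN` wraps to exactly zero when rounding up overflows, and the hunk does not say so. A comment above the macro such as `/* DO_ALIGN() wraps to 0 on overflow; size was non-zero before the call. */` would make that dependency reviewable. The later `FOO` that sets `p->NAME=(TYPE *)(dat+size)` still uses the unchecked `size+=...`, which looks safe only because it repeats the arithmetic validated in the first pass; a one-line comment there saying the sizes were already checked would keep the two passes from drifting apart. Both new error paths also rely on `decode_error` not returning, which is not visible here. The enclosing function starts and ends outside the hunk.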
pike.git/src/encode.c:4143: Inside #if defined(PIKE_USE_MACHINE_CODE)
   decode_number(csum, data);
   if (csum != instrs_checksum) {
   decode_error(data, NULL,
   "Bad instruction checksum: %d (expected %d)\n",
   csum, instrs_checksum);
   }
   }
  #endif /* PIKE_USE_MACHINE_CODE */

   /* Decode program */
-  if (local_num_program >= (size_t)(data->len - data->ptr)) {
+  if (SIZE_T_MUL_OVERFLOW(local_num_program, sizeof(PIKE_OPCODE_T)) ||
+  local_num_program * sizeof(PIKE_OPCODE_T) >= (size_t)(data->len - data->ptr)) {
   decode_error(data, NULL,
   "Failed to decode program (string too short).\n");
   }
   low_add_many_to_program(Pike_compiler,
   (PIKE_OPCODE_T *)(data->data + data->ptr),
   local_num_program);
   data->ptr += local_num_program * sizeof(PIKE_OPCODE_T);

   /* Decode relocations */
   for (e=0; e<(int)local_num_relocations; e++) {
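Review bot: The byte length `local_num_program * sizeof(PIKE_OPCODE_T)` is now spelled out three times (overflow test, bounds comparison, and the `data->ptr +=` advance), so the check and the use can drift apart in a later edit. Computing it once with the storing variant used elsewhere in this commit keeps them tied together: `if (DO_SIZE_T_MUL_OVERFLOW(local_num_program, sizeof(PIKE_OPCODE_T), &nbytes) || nbytes >= (size_t)(data->len - data->ptr)) {` followed by `data->ptr += nbytes;`, with a local `size_t nbytes`. The cast `(size_t)(data->len - data->ptr)` also assumes `data->ptr` never exceeds `data->len`; if those fields are signed, a negative difference would become a very large bound and the check would pass, so that invariant is worth confirming or asserting. The enclosing function starts and ends outside the hunk.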