mirror of
https://github.com/lua/lua
synced 2025-01-22 17:12:05 +03:00
better limits for 'sting.rep' and 'string.packsize'
This commit is contained in:
parent
81ecaf6178
commit
ef7d29c666
29
lstrlib.c
29
lstrlib.c
@ -1,5 +1,5 @@
|
||||
/*
|
||||
** $Id: lstrlib.c,v 1.218 2014/12/04 16:25:40 roberto Exp roberto $
|
||||
** $Id: lstrlib.c,v 1.219 2014/12/10 11:36:03 roberto Exp roberto $
|
||||
** Standard library for string operations and pattern-matching
|
||||
** See Copyright Notice in lua.h
|
||||
*/
|
||||
@ -36,6 +36,15 @@
|
||||
#define uchar(c) ((unsigned char)(c))
|
||||
|
||||
|
||||
/*
|
||||
** Some sizes are better limited to fit in 'int', but must also fit in
|
||||
** 'size_t'. (We assume that 'lua_Integer' cannot be smaller than 'int'.)
|
||||
*/
|
||||
#define MAXSIZE \
|
||||
(sizeof(size_t) < sizeof(int) ? (~(size_t)0) : (size_t)(INT_MAX))
|
||||
|
||||
|
||||
|
||||
|
||||
static int str_len (lua_State *L) {
|
||||
size_t l;
|
||||
@ -105,13 +114,6 @@ static int str_upper (lua_State *L) {
|
||||
}
|
||||
|
||||
|
||||
/* reasonable limit to avoid arithmetic overflow and strings too big */
|
||||
#if LUA_MAXINTEGER / 2 <= 0x10000000
|
||||
#define MAXSIZE ((size_t)(LUA_MAXINTEGER / 2))
|
||||
#else
|
||||
#define MAXSIZE ((size_t)0x10000000)
|
||||
#endif
|
||||
|
||||
static int str_rep (lua_State *L) {
|
||||
size_t l, lsep;
|
||||
const char *s = luaL_checklstring(L, 1, &l);
|
||||
@ -1033,7 +1035,7 @@ static int getnum (const char **fmt, int df) {
|
||||
int a = 0;
|
||||
do {
|
||||
a = a*10 + *((*fmt)++) - '0';
|
||||
} while (digit(**fmt) && a < (INT_MAX/10 - 10));
|
||||
} while (digit(**fmt) && a < ((int)MAXSIZE/10 - 10));
|
||||
return a;
|
||||
}
|
||||
}
|
||||
@ -1261,12 +1263,15 @@ static int str_pack (lua_State *L) {
|
||||
static int str_packsize (lua_State *L) {
|
||||
Header h;
|
||||
const char *fmt = luaL_checkstring(L, 1); /* format string */
|
||||
lua_Integer totalsize = 0; /* accumulate total size of result */
|
||||
size_t totalsize = 0; /* accumulate total size of result */
|
||||
initheader(L, &h);
|
||||
while (*fmt != '\0') {
|
||||
int size, ntoalign;
|
||||
KOption opt = getdetails(&h, totalsize, &fmt, &size, &ntoalign);
|
||||
totalsize += ntoalign + size;
|
||||
size += ntoalign; /* total space used by option */
|
||||
luaL_argcheck(L, totalsize <= MAXSIZE - size, 1,
|
||||
"format result too large");
|
||||
totalsize += size;
|
||||
switch (opt) {
|
||||
case Kstring: /* strings with length count */
|
||||
case Kzstr: /* zero-terminated string */
|
||||
@ -1275,7 +1280,7 @@ static int str_packsize (lua_State *L) {
|
||||
default: break;
|
||||
}
|
||||
}
|
||||
lua_pushinteger(L, totalsize);
|
||||
lua_pushinteger(L, (lua_Integer)totalsize);
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user