kotovalexarian-likes-github/ruby--ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00
Code Releases Activity

Check for integer overflow in the allocation of match_cache table

Browse source
This commit is contained in:
Yusuke Endoh 2022-11-09 00:37:46 +09:00
parent 14845ab4ff
commit d868f4ca31
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
regexec.c
View file

@ -3842,6 +3842,10 @@ match_at(regex_t* reg, const UChar* str, const UChar* end,
size_t len = (end - str) + 1; size_t len = (end - str) + 1;
size_t match_cache_size8 = (size_t)msa->num_cache_opcode * len; size_t match_cache_size8 = (size_t)msa->num_cache_opcode * len;
/* overflow check */ /* overflow check */
if (match_cache_size8 / len != (size_t)msa->num_cache_opcode) {
return ONIGERR_MEMORY;
}
/* Currently, int is used for the key of match_cache */
if (match_cache_size8 >= INT_MAX_LIMIT) { if (match_cache_size8 >= INT_MAX_LIMIT) {
return ONIGERR_MEMORY; return ONIGERR_MEMORY;
} }