mirror of
https://github.com/ruby/ruby.git
synced 2022-11-09 12:17:21 -05:00
Check for integer overflow in the allocation of match_cache table
This commit is contained in:
parent
14845ab4ff
commit
d868f4ca31
1 changed files with 4 additions and 0 deletions
|
@ -3842,6 +3842,10 @@ match_at(regex_t* reg, const UChar* str, const UChar* end,
|
|||
size_t len = (end - str) + 1;
|
||||
size_t match_cache_size8 = (size_t)msa->num_cache_opcode * len;
|
||||
/* overflow check */
|
||||
if (match_cache_size8 / len != (size_t)msa->num_cache_opcode) {
|
||||
return ONIGERR_MEMORY;
|
||||
}
|
||||
/* Currently, int is used for the key of match_cache */
|
||||
if (match_cache_size8 >= INT_MAX_LIMIT) {
|
||||
return ONIGERR_MEMORY;
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue