Avoid core dumps resulting from humongous array indices
Spider Boardman [Thu, 22 Jul 1999 19:58:34 +0000 (15:58 -0400)]
(an out of memory error will result instead)
To: perl5-porters@perl.org
Subject: [PATCH] Re: [ID 19990715.003] [BUG] all perl5 versions: segfault on $#
Message-Id: <199907222358.TAA27354@Orb.Nashua.NH.US>

p4raw-id: //depot/cfgperl@3724

av.c

diff --git a/av.c b/av.c
index 8dabb7b..509b897 100644 (file)
--- a/av.c
+++ b/av.c
@@ -91,7 +91,8 @@ Perl_av_extend(pTHX_ AV *av, I32 key)
        else {
            if (AvALLOC(av)) {
 #ifndef STRANGE_MALLOC
-               U32 bytes;
+               MEM_SIZE bytes;
+               IV itmp;
 #endif
 
 #if defined(MYMALLOC) && !defined(PURIFY) && !defined(LEAKTEST)
@@ -107,13 +108,14 @@ Perl_av_extend(pTHX_ AV *av, I32 key)
 #else
                bytes = (newmax + 1) * sizeof(SV*);
 #define MALLOC_OVERHEAD 16
-               tmp = MALLOC_OVERHEAD;
-               while (tmp - MALLOC_OVERHEAD < bytes)
-                   tmp += tmp;
-               tmp -= MALLOC_OVERHEAD;
-               tmp /= sizeof(SV*);
-               assert(tmp > newmax);
-               newmax = tmp - 1;
+               itmp = MALLOC_OVERHEAD;
+               while (itmp - MALLOC_OVERHEAD < bytes)
+                   itmp += itmp;
+               itmp -= MALLOC_OVERHEAD;
+               itmp /= sizeof(SV*);
+               assert(itmp > newmax);
+               newmax = itmp - 1;
+               assert(newmax >= AvMAX(av));
                New(2,ary, newmax+1, SV*);
                Copy(AvALLOC(av), ary, AvMAX(av)+1, SV*);
                if (AvMAX(av) > 64)
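Review bot: The added `assert(newmax >= AvMAX(av))` is the only check between a wrapped or truncated `newmax` and `Copy(AvALLOC(av), ary, AvMAX(av)+1, SV*)`. Asserts are normally compiled out of non-debugging builds, so there the copy could still write past a too-small `ary`. A check that survives in every build would be safer, for example `if (newmax < AvMAX(av)) Perl_croak(aTHX_ "<out-of-memory message>");` placed just before `New(2,ary, newmax+1, SV*)`. The doubling loop is also unbounded: `itmp += itmp` on a signed `IV` can overflow (undefined behaviour) for a very large `bytes`, and `itmp - MALLOC_OVERHEAD < bytes` compares a signed value with an unsigned one, so rejecting an oversized `bytes` before the loop would be more robust. `newmax` is declared outside this hunk and the body of `Perl_av_extend` continues past it, so the narrowing in `newmax = itmp - 1` is inferred rather than visible here.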