diff options
| author | Yukihiro "Matz" Matsumoto <[email protected]> | 2021-06-10 18:42:51 +0900 |
|---|---|---|
| committer | Yukihiro "Matz" Matsumoto <[email protected]> | 2021-06-10 18:42:51 +0900 |
| commit | 62f4cc8cd1d5839153eb364c1c095df64d7cdc22 (patch) | |
| tree | 37407bf506e94ab85cdd3be8534dd6c0d1f03c4f | |
| parent | df549c12e5852f640d37b2bd35e2d5dfc45a7283 (diff) | |
| download | mruby-62f4cc8cd1d5839153eb364c1c095df64d7cdc22.tar.gz mruby-62f4cc8cd1d5839153eb364c1c095df64d7cdc22.zip | |
sprintf.c: check value range before type casting.
| -rw-r--r-- | mrbgems/mruby-sprintf/src/sprintf.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/mrbgems/mruby-sprintf/src/sprintf.c b/mrbgems/mruby-sprintf/src/sprintf.c index 03e5729c6..2ae982a16 100644 --- a/mrbgems/mruby-sprintf/src/sprintf.c +++ b/mrbgems/mruby-sprintf/src/sprintf.c @@ -270,6 +270,7 @@ get_num(mrb_state *mrb, const char *p, const char *end, int *valp) } next_n += *p - '0'; } + if (next_n > INT_MAX || next_n < 0) return NULL; if (p >= end) { mrb_raise(mrb, E_ARGUMENT_ERROR, "malformed format string - %%*[0-9]"); } |