fixnum in irep->pool may overflow

author: Yukihiro "Matz" Matsumoto <[email protected]> 2013-11-13 10:15:57 +0900
committer: Yukihiro "Matz" Matsumoto <[email protected]> 2013-11-13 10:15:57 +0900
commit: 7078fcd9e405b6082542cc0d984c8468f2aa0af3 (patch)
tree: 80493ab909e6d418b86ada63085dcdaecc36b01c
parent: a725bd7a237de6f7d03556c77ad1cf79d27bfcf4 (diff)
download: mruby-7078fcd9e405b6082542cc0d984c8468f2aa0af3.tar.gz
mruby-7078fcd9e405b6082542cc0d984c8468f2aa0af3.zip
1 files changed, 15 insertions, 1 deletions
diff --git a/src/load.c b/src/load.c
index 9aab754c7..7722929d4 100644
--- a/src/load.c
+++ b/src/load.c
@@ -102,7 +102,21 @@ read_irep_record_1(mrb_state *mrb, const uint8_t *bin, uint32_t *len)
       irep->pool[i].type = tt;
       switch (tt) { //pool data
       case MRB_TT_FIXNUM:
-        irep->pool[i].value.i = mrb_fixnum(mrb_str_to_inum(mrb, s, 10, FALSE));
+        {
+          mrb_value v = mrb_str_to_inum(mrb, s, 10, FALSE);
+
+          switch (mrb_type(v)) {
+          case MRB_TT_FIXNUM:
+            irep->pool[i].value.i = mrb_fixnum(v);
+            break;
+          case MRB_TT_FLOAT:
+            irep->pool[i].type = MRB_TT_FLOAT;
+            irep->pool[i].value.f = mrb_float(v);
+          default:
+             /* broken data; should not happen */
+            irep->pool[i].value.i = 0;
+          }
+        }
         break;
 
       case MRB_TT_FLOAT:
author	Yukihiro "Matz" Matsumoto <[email protected]>	2013-11-13 10:15:57 +0900
committer	Yukihiro "Matz" Matsumoto <[email protected]>	2013-11-13 10:15:57 +0900
commit	7078fcd9e405b6082542cc0d984c8468f2aa0af3 (patch)
tree	80493ab909e6d418b86ada63085dcdaecc36b01c
parent	a725bd7a237de6f7d03556c77ad1cf79d27bfcf4 (diff)
download	mruby-7078fcd9e405b6082542cc0d984c8468f2aa0af3.tar.gz mruby-7078fcd9e405b6082542cc0d984c8468f2aa0af3.zip