Fix the integer overflow in `mrb_str_len_to_inum()`.

author: Yukihiro "Matz" Matsumoto <[email protected]> 2020-12-23 10:33:31 +0900
committer: Yukihiro "Matz" Matsumoto <[email protected]> 2020-12-23 10:35:15 +0900
commit: 0bb4afe9421cc803a885cb6006792d405e4c0009 (patch)
tree: ffa69b7aeb9d78c9383db0384eccebb8a69207dd /src/string.c
parent: 8b2fd45d4639dfd49ea5ec04e7bff378c4c01b6f (diff)
download: mruby-0bb4afe9421cc803a885cb6006792d405e4c0009.tar.gz
mruby-0bb4afe9421cc803a885cb6006792d405e4c0009.zip
1 files changed, 5 insertions, 9 deletions
diff --git a/src/string.c b/src/string.c
index 4d09c7eab..0cb9eaf83 100644
--- a/src/string.c
+++ b/src/string.c
@@ -2345,16 +2345,12 @@ mrb_str_len_to_inum(mrb_state *mrb, const char *str, size_t len, mrb_int base, i
     }
     n *= base;
     n += c;
-    if (n > (uint64_t)MRB_INT_MAX + (sign ? 0 : 1)) {
-#ifndef MRB_NO_FLOAT
-      if (base == 10) {
-        return mrb_float_value(mrb, mrb_str_to_dbl(mrb, mrb_str_new(mrb, str, len), badcheck));
-      }
-      else
-#endif
-      {
-        mrb_raisef(mrb, E_RANGE_ERROR, "string (%l) too big for integer", str, pend-str);
+    if (n > (uint64_t)MRB_INT_MAX) {
+      if (sign == 0 && n == (uint64_t)MRB_INT_MIN) {
+        sign = 1;
+        break;
       }
+      mrb_raisef(mrb, E_RANGE_ERROR, "string (%l) too big for integer", str, pend-str);
     }
   }
   val = (mrb_int)n;
author	Yukihiro "Matz" Matsumoto <[email protected]>	2020-12-23 10:33:31 +0900
committer	Yukihiro "Matz" Matsumoto <[email protected]>	2020-12-23 10:35:15 +0900
commit	0bb4afe9421cc803a885cb6006792d405e4c0009 (patch)
tree	ffa69b7aeb9d78c9383db0384eccebb8a69207dd /src/string.c
parent	8b2fd45d4639dfd49ea5ec04e7bff378c4c01b6f (diff)
download	mruby-0bb4afe9421cc803a885cb6006792d405e4c0009.tar.gz mruby-0bb4afe9421cc803a885cb6006792d405e4c0009.zip