summaryrefslogtreecommitdiffhomepage
path: root/mrbgems/mruby-sprintf/src/sprintf.c
diff options
context:
space:
mode:
Diffstat (limited to 'mrbgems/mruby-sprintf/src/sprintf.c')
-rw-r--r--mrbgems/mruby-sprintf/src/sprintf.c27
1 files changed, 14 insertions, 13 deletions
diff --git a/mrbgems/mruby-sprintf/src/sprintf.c b/mrbgems/mruby-sprintf/src/sprintf.c
index 7eea1a1f3..985ffe276 100644
--- a/mrbgems/mruby-sprintf/src/sprintf.c
+++ b/mrbgems/mruby-sprintf/src/sprintf.c
@@ -119,13 +119,11 @@ mrb_fix2binstr(mrb_state *mrb, mrb_value x, int base)
#define FPREC0 128
#define CHECK(l) do {\
-/* int cr = ENC_CODERANGE(result);*/\
while ((l) >= bsiz - blen) {\
+ if (bsiz > MRB_INT_MAX/2) mrb_raise(mrb, E_ARGUMENT_ERROR, "too big specifier"); \
bsiz*=2;\
- if (bsiz < 0) mrb_raise(mrb, E_ARGUMENT_ERROR, "too big specifier"); \
}\
mrb_str_resize(mrb, result, bsiz);\
-/* ENC_CODERANGE_SET(result, cr);*/\
buf = RSTRING_PTR(result);\
} while (0)
@@ -202,11 +200,10 @@ check_name_arg(mrb_state *mrb, int posarg, const char *name, mrb_int len)
#define GETNUM(n, val) \
for (; p < end && ISDIGIT(*p); p++) {\
- mrb_int next_n = 10 * n + (*p - '0'); \
- if (next_n / 10 != n) {\
+ if (n > (MRB_INT_MAX - (*p - '0'))/10) {\
mrb_raise(mrb, E_ARGUMENT_ERROR, #val " too big"); \
} \
- n = next_n; \
+ n = 10 * n + (*p - '0'); \
} \
if (p >= end) { \
mrb_raise(mrb, E_ARGUMENT_ERROR, "malformed format string - %*[0-9]"); \
@@ -236,7 +233,7 @@ get_hash(mrb_state *mrb, mrb_value *hash, mrb_int argc, const mrb_value *argv)
if (argc != 2) {
mrb_raise(mrb, E_ARGUMENT_ERROR, "one hash required");
}
- tmp = mrb_check_convert_type(mrb, argv[1], MRB_TT_HASH, "Hash", "to_hash");
+ tmp = mrb_check_hash_type(mrb, argv[1]);
if (mrb_nil_p(tmp)) {
mrb_raise(mrb, E_ARGUMENT_ERROR, "one hash required");
}
@@ -555,7 +552,7 @@ mrb_str_format(mrb_state *mrb, mrb_int argc, const mrb_value *argv, mrb_value fm
++argc;
--argv;
- fmt = mrb_str_to_str(mrb, fmt);
+ mrb_to_str(mrb, fmt);
p = RSTRING_PTR(fmt);
end = p + RSTRING_LEN(fmt);
blen = 0;
@@ -1059,18 +1056,22 @@ retry:
if (i > 0)
need = BIT_DIGITS(i);
}
+ if (need > MRB_INT_MAX - ((flags&FPREC) ? prec : 6)) {
+ too_big_width:
+ mrb_raise(mrb, E_ARGUMENT_ERROR,
+ (width > prec ? "width too big" : "prec too big"));
+ }
need += (flags&FPREC) ? prec : 6;
if ((flags&FWIDTH) && need < width)
need = width;
- need += 20;
- if (need <= 0) {
- mrb_raise(mrb, E_ARGUMENT_ERROR,
- (width > prec ? "width too big" : "prec too big"));
+ if (need > MRB_INT_MAX - 20) {
+ goto too_big_width;
}
+ need += 20;
CHECK(need);
n = snprintf(&buf[blen], need, fbuf, fval);
- if (n < 0) {
+ if (n < 0 || n >= need) {
mrb_raise(mrb, E_RUNTIME_ERROR, "formatting error");
}
blen += n;
generated by cgit v1.2.3 (git 2.39.1) at 2026-04-17 01:23:19 +0000