From af3e0ddfc038c252731edf6cbaa6fdcee89331d8 Mon Sep 17 00:00:00 2001 From: "Yukihiro \"Matz\" Matsumoto" Date: Sun, 6 Jun 2021 07:57:21 +0900 Subject: pack.c: failed to detect overflow when `ch` is zero in `read_tmpl`. --- mrbgems/mruby-pack/src/pack.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mrbgems/mruby-pack/src/pack.c b/mrbgems/mruby-pack/src/pack.c index 72d72ed7f..987385889 100644 --- a/mrbgems/mruby-pack/src/pack.c +++ b/mrbgems/mruby-pack/src/pack.c @@ -1131,8 +1131,8 @@ alias: if (ISDIGIT(ch)) { count = ch - '0'; while (tmpl->idx < tlen && ISDIGIT(tptr[tmpl->idx])) { - int ch = tptr[tmpl->idx++] - '0'; - if (count+ch > INT_MAX/10) { + ch = tptr[tmpl->idx++] - '0'; + if (count+10 > INT_MAX/10) { mrb_raise(mrb, E_RUNTIME_ERROR, "too big template length"); } count = count * 10 + ch; -- cgit v1.2.3