Check result of repeat/concat fit in an MVMString #546

MasterDuke17 · 2017-03-05T23:56:42Z

NQP passes make m-test and Rakudo passes make m-spectest.

Fixes https://rt.perl.org/Ticket/Display.html?id=127971

jnthn · 2017-03-08T22:22:25Z

src/strings/ops.c

@@ -509,6 +518,13 @@ MVMString * MVM_string_repeat(MVMThreadContext *tc, MVMString *a, MVMint64 count
    if (agraphs == 0)
        return tc->instance->str_consts.empty;

+    /* Total size of the resulting string can't be bigger than an MVMString is allowed to be. */
+    total_graphs = (MVMuint64)agraphs * (MVMuint64)count;


Since count is a 64-bit integer, it's possible that this bounds check itself could overflow.

agraphs can't be greater than 0xFFFFFFFF (since num_graphs is a MVMuint32) and we already check that count is not greater than (1 << 30). Should be fine, right?

Ah, I missed the earlier check on count. Then yeah, this is safe. 👍

Check result of repeat/concat fit in an MVMString

beefd2b

jnthn reviewed Mar 8, 2017

View reviewed changes

jnthn merged commit dc40845 into MoarVM:master Mar 8, 2017

MasterDuke17 deleted the add_checks_on_resulting_size_to_string_concatenating_and_repeating branch March 8, 2017 22:35

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Check result of repeat/concat fit in an MVMString #546

Check result of repeat/concat fit in an MVMString #546

MasterDuke17 commented Mar 5, 2017

jnthn Mar 8, 2017

MasterDuke17 Mar 8, 2017

jnthn Mar 8, 2017

Check result of repeat/concat fit in an MVMString #546

Check result of repeat/concat fit in an MVMString #546

Conversation

MasterDuke17 commented Mar 5, 2017

jnthn Mar 8, 2017

Choose a reason for hiding this comment

MasterDuke17 Mar 8, 2017

Choose a reason for hiding this comment

jnthn Mar 8, 2017

Choose a reason for hiding this comment