Permalink
1 comment
on commit
Please
sign in to comment.
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Use size_t to avoid integer overflow in mrb_ary_splice(); fix #3413
- Loading branch information
Showing
1 changed file
with
5 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
1 comment
on commit 72bff29
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
b0f918d to use mrb_int instead of size_t.
This still gives incorrect results if
size_t
is longer thanmrb_int
. Ifhead
andlen
are0x40000000
, then the result istail = 0xffffffff80000000
. I thinkhead
and/orlen
need to be cast tosize_t
for this to work correctly.