Permalink
Browse files

Avoid integer overflow in sprintf(); fix #3439

This issue was reported by https://hackerone.com/aerodudrizzt
  • Loading branch information...
matz committed Feb 11, 2017
1 parent 642ab8e commit ff03a9a61c62340cff62f8e0fdc1a1e8775b6f17
Showing with 2 additions and 1 deletion.
  1. +2 −1 mrbgems/mruby-sprintf/src/sprintf.c
@@ -116,8 +116,9 @@ mrb_fix2binstr(mrb_state *mrb, mrb_value x, int base)
#define CHECK(l) do {\
/* int cr = ENC_CODERANGE(result);*/\
while (blen + (l) >= bsiz) {\
while ((l) >= bsiz - blen) {\
bsiz*=2;\
if (bsiz < 0) mrb_raise(mrb, E_ARGUMENT_ERROR, "too big specifier"); \
}\
mrb_str_resize(mrb, result, bsiz);\
/* ENC_CODERANGE_SET(result, cr);*/\

0 comments on commit ff03a9a

Please sign in to comment.