Summary:
Most of the functions for embryo are based on cell (int) types:
addvariable(), defsymbol(), modstk(), etc.
Because of this, if an embryo script has a really big (INT_MAX / 4) stack variable,
an integer overflow problem occurs.
@fix
Test Plan:
Put a script in your EDC like the following code.
Build it and try to access the variable.
Or check the HEX value written by embryo_cc.
script {
// Its size is 1,000,000,000.
// Remember, INT_MAX is 2,147,483,647.
new my_big_variable[1000000000];
...
}
Reviewers: cedric, woohyun, raster, eunue, SanghyeonLee
Reviewed By: eunue, SanghyeonLee
Subscribers: cedric, #reviewers, #committers
Tags: #efl
Differential Revision: https://phab.enlightenment.org/D12081
if (numdim > 0 && dim[numdim - 1] == 0)
error(52); /* only last dimension may be variable length */
size = needsub(&idxtag[numdim]); /* get size; size==0 for "var[]" */
-#if INT_MAX < CELL_MAX
- if (size > INT_MAX)
+ if ((unsigned long long)size * sizeof(cell) > MIN(INT_MAX, CELL_MAX))
error(105); /* overflow, exceeding capacity */
-#endif
dim[numdim++] = (int)size;
} /* while */
if (ident == iARRAY || fstatic)
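Review bot: The new bound on `size` inside the `while` loop is applied to one dimension at a time, so in a multi-dimensional declaration every `dim[]` entry can pass the check while the total cell count, once the dimensions are multiplied, still exceeds `MIN(INT_MAX, CELL_MAX)`; nothing in this hunk bounds that product. Consider keeping a running product in an `unsigned long long` inside the loop and raising `error(105)` on it as well. The limit expression is repeated verbatim in the next hunk, so a small helper or macro with a comment explaining the `* sizeof(cell)` factor would keep the two checks in sync.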
}
else
{
+ if (((unsigned long long)declared + (unsigned long long)size) * sizeof(cell) >
+ MIN(INT_MAX, CELL_MAX))
+ error(105);
declared += (int)size; /* variables are put on stack,
* adjust "declared" */
sym =
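Review bot: In the `else` branch, `declared += (int)size;` still runs immediately after `error(105)`, so unless `error()` does not return for this code, `declared` wraps anyway and every later use sees the overflowed value. Skip the addition or return early when the check fails. The cast `(unsigned long long)declared` also assumes `declared` is never negative here; a short comment stating that invariant would help. The `error(105);` line is missing the `/* overflow, exceeding capacity */` comment that the first hunk keeps, and since the guard is added only under `else`, please confirm the preceding branch does not need the same check for its own counter.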