embryo: fix a integer(cell) overflow problem

Summary:
The most of functions for embryo based on cell(int) types.
addvariable(), defsymbol(), modstk() and etc.
Because of this, if embryo script has a really big(INT_MAX / 4) stack variable,
integer overflow problem has been happened.
@fix

Test Plan:
Put a script in your EDC like the following code.
Build it and try to access the variable.
Or check the writen HEX value by embryo_cc.

script {
   // It's size is 1,000,000,000.
   // Remember, INT_MAX is 2,147,483,647.
   new my_big_variable[1000000000];
   ...
}

Reviewers: cedric, woohyun, raster, eunue, SanghyeonLee

Reviewed By: eunue, SanghyeonLee

Subscribers: cedric, #reviewers, #committers

Tags: #efl

Differential Revision: https://phab.enlightenment.org/D12081

diff --git a/src/bin/embryo/embryo_cc_sc1.c b/src/bin/embryo/embryo_cc_sc1.c
index 1189ce8..7595be8 100644 (file)
--- a/src/bin/embryo/embryo_cc_sc1.c
+++ b/src/bin/embryo/embryo_cc_sc1.c
@@ -1203,10 +1203,8 @@ declloc(int fstatic)
             if (numdim > 0 && dim[numdim - 1] == 0)
                error(52);      /* only last dimension may be variable length */
             size = needsub(&idxtag[numdim]);   /* get size; size==0 for "var[]" */
-#if INT_MAX < CELL_MAX
-            if (size > INT_MAX)
+            if ((unsigned long long)size * sizeof(cell) > MIN(INT_MAX, CELL_MAX))
                error(105);     /* overflow, exceeding capacity */
-#endif
             dim[numdim++] = (int)size;
          }                     /* while */
        if (ident == iARRAY || fstatic)
@@ -1237,6 +1235,9 @@ declloc(int fstatic)
          }
        else
          {
+         if (((unsigned long long)declared + (unsigned long long)size) * sizeof(cell) >
+             MIN(INT_MAX, CELL_MAX))
+            error(105);
             declared += (int)size;     /* variables are put on stack,
                                         * adjust "declared" */
             sym =