From: Spider Boardman <spider@orb.nashua.nh.us>
Date: Thu, 22 Jul 1999 19:58:34 +0000 (-0400)
Subject: Avoid core dumps resulting from humongous array indices
X-Git-Tag: accepted/trunk/20130322.191538~34817^2~936
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=c1f7b11a6702e2397d89f7692c76fed567098176;p=platform%2Fupstream%2Fperl.git

Avoid core dumps resulting from humongous array indices
(an out of memory error will result instead)
To: perl5-porters@perl.org
Subject: [PATCH] Re: [ID 19990715.003] [BUG] all perl5 versions: segfault on $#
Message-Id: <199907222358.TAA27354@Orb.Nashua.NH.US>

p4raw-id: //depot/cfgperl@3724
---

diff --git a/av.c b/av.c
index 8dabb7b..509b897 100644
--- a/av.c
+++ b/av.c
@@ -91,7 +91,8 @@ Perl_av_extend(pTHX_ AV *av, I32 key)
 	else {
 	    if (AvALLOC(av)) {
 #ifndef STRANGE_MALLOC
-		U32 bytes;
+		MEM_SIZE bytes;
+		IV itmp;
 #endif
 
 #if defined(MYMALLOC) && !defined(PURIFY) && !defined(LEAKTEST)
@@ -107,13 +108,14 @@ Perl_av_extend(pTHX_ AV *av, I32 key)
 #else
 		bytes = (newmax + 1) * sizeof(SV*);
 #define MALLOC_OVERHEAD 16
-		tmp = MALLOC_OVERHEAD;
-		while (tmp - MALLOC_OVERHEAD < bytes)
-		    tmp += tmp;
-		tmp -= MALLOC_OVERHEAD;
-		tmp /= sizeof(SV*);
-		assert(tmp > newmax);
-		newmax = tmp - 1;
+		itmp = MALLOC_OVERHEAD;
+		while (itmp - MALLOC_OVERHEAD < bytes)
+		    itmp += itmp;
+		itmp -= MALLOC_OVERHEAD;
+		itmp /= sizeof(SV*);
+		assert(itmp > newmax);
+		newmax = itmp - 1;
+		assert(newmax >= AvMAX(av));
 		New(2,ary, newmax+1, SV*);
 		Copy(AvALLOC(av), ary, AvMAX(av)+1, SV*);
 		if (AvMAX(av) > 64)