From e091d6ed62fd2f7e2def56e23c7d6f32c693d1ca Mon Sep 17 00:00:00 2001 From: Cyrill Gorcunov Date: Mon, 9 Aug 2010 13:58:22 +0400 Subject: [PATCH] BR3041451: Implement upper bound for %rep counter Since %rep counter is a 64 bit signed integer we have to use some "maximum possible value" limit (upper bound) otherwise there may be a situation when %rep counter is 0 or even negative while user has been passing big positive integer value. Reported-by: nasm64developer Signed-off-by: Cyrill Gorcunov --- doc/changes.src | 3 +++ doc/nasmdoc.src | 3 +++ preproc.c | 10 +++++++++- 3 files changed, 15 insertions(+), 1 deletion(-) diff --git a/doc/changes.src b/doc/changes.src index a7ee231..d015f9e 100644 --- a/doc/changes.src +++ b/doc/changes.src @@ -9,6 +9,9 @@ since 2007. \S{cl-2.09} Version 2.09 +\b Fixed assignment the magnitude of \c{%rep} counter. It is limited + to 62 bits now. + \b Fixed NULL dereference if argument of \c{%strlen} resolves to whitespace. For example if nonexistent macro parameter is used. diff --git a/doc/nasmdoc.src b/doc/nasmdoc.src index ab343e5..e797329 100644 --- a/doc/nasmdoc.src +++ b/doc/nasmdoc.src @@ -3211,6 +3211,9 @@ infinite loop in the preprocessor, which (on multitasking or multi-user systems) would typically cause all the system memory to be gradually used up and other applications to start crashing. +Note a maximum repeat count is limited by 62 bit number, though it +is hardly possible that you ever need anything bigger. + \H{files} Source Files and Dependencies diff --git a/preproc.c b/preproc.c index 885b3a9..64c481a 100644 --- a/preproc.c +++ b/preproc.c @@ -326,6 +326,9 @@ enum { */ #define DEADMAN_LIMIT (1 << 20) +/* max reps */ +#define REP_LIMIT ((INT64_C(1) << 62)) + /* * Condition codes. Note that we use c_ prefix not C_ because C_ is * used in nasm.h for the "real" condition codes. At _this_ level, 
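Review bot: The comment on the new `REP_LIMIT` define in preproc.c says only `/* max reps */` and does not record why the bound is 2^62 or that the comparison using it is exclusive. Per the commit message the counter is a signed 64-bit value and the later preproc.c hunk (`@@ -2895,7 +2898,12 @@`) increments it after the check, so I would write something like `/* Exclusive upper bound for a %rep count; keeps count + 1 well inside int64_t */`. The doubled parentheses in `((INT64_C(1) << 62))` are redundant next to the neighbouring `DEADMAN_LIMIT (1 << 20)`. This bound only prevents wrap-around of the counter; a count just below 2^62 is still accepted, so it should not be documented or relied on as a resource limit when assembling untrusted source.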
@@ -2895,7 +2898,12 @@ issue_error:
 error(ERR_NONFATAL, "non-constant value given to `%%rep'");
 return DIRECTIVE_FOUND;
 }
- count = reloc_value(evalresult) + 1;
+ count = reloc_value(evalresult);
+ if (count >= REP_LIMIT) {
+ error(ERR_NONFATAL, "`%%rep' evalue exceeds limit");
+ count = 0;
+ } else
+ count++;
 } else {
 error(ERR_NONFATAL, "`%%rep' expects a repeat count");
 count = 0;
-- 
2.7.4
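Review bot: The new check after `count = reloc_value(evalresult);` bounds the count only from above, so a negative value still falls through to `count++`, although the commit message names a negative counter as one of the outcomes to avoid. How a zero or negative `count` is consumed lies outside the hunk, so this may be harmless, but testing `if (count < 0 || count >= REP_LIMIT) {` and wording the diagnostic as an out-of-range count would make the intent explicit. The message text also has a typo, `evalue` for `value`. The braced `if` paired with an unbraced `else count++;` is easy to misread; bracing the `else` arm as well would match the `} else {` that follows it. The enclosing function starts and ends outside the hunk.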