Lines 22-27
USA.
Link Here
|
22 |
|
22 |
|
23 |
#include "slinclud.h" |
23 |
#include "slinclud.h" |
24 |
#include <math.h> |
24 |
#include <math.h> |
|
|
25 |
#include <limits.h> |
25 |
|
26 |
|
26 |
/* #define SL_APP_WANTS_FOREACH */ |
27 |
/* #define SL_APP_WANTS_FOREACH */ |
27 |
#include "slang.h" |
28 |
#include "slang.h" |
Lines 312-317
void SLang_free_array (SLang_Array_Type *at)
Link Here
|
312 |
free_array (at); |
313 |
free_array (at); |
313 |
} |
314 |
} |
314 |
|
315 |
|
|
|
316 |
/* Here, a and b are assumed to be non-negative */ |
317 |
static int check_overflow_mult_i (SLindex_Type a, SLindex_Type b, SLindex_Type *cp) |
318 |
{ |
319 |
if ((a < 0) || (b < 0) || ((b > 0) && (a > INT_MAX/b))) |
320 |
return -1; |
321 |
|
322 |
*cp = a*b; |
323 |
|
324 |
return 0; |
325 |
} |
326 |
|
327 |
static int check_overflow_mult_ui (SLuindex_Type a, SLindex_Type b, SLuindex_Type *cp) |
328 |
{ |
329 |
if ((b < 0) || ((b > 0) && (a/(SLuindex_Type)b) > UINT_MAX)) |
330 |
return -1; |
331 |
|
332 |
*cp = a*(SLuindex_Type)b; |
333 |
return 0; |
334 |
} |
335 |
|
315 |
SLang_Array_Type * |
336 |
SLang_Array_Type * |
316 |
SLang_create_array1 (SLtype type, int read_only, VOID_STAR data, |
337 |
SLang_create_array1 (SLtype type, int read_only, VOID_STAR data, |
317 |
SLindex_Type *dims, unsigned int num_dims, int no_init) |
338 |
SLindex_Type *dims, unsigned int num_dims, int no_init) |
Lines 366-381
SLang_create_array1 (SLtype type, int read_only, VOID_STAR data,
Link Here
|
366 |
num_elements = 1; |
387 |
num_elements = 1; |
367 |
for (i = 0; i < num_dims; i++) |
388 |
for (i = 0; i < num_dims; i++) |
368 |
{ |
389 |
{ |
369 |
SLindex_Type new_num_elements; |
|
|
370 |
at->dims[i] = dims[i]; |
390 |
at->dims[i] = dims[i]; |
371 |
new_num_elements = dims[i] * num_elements; |
391 |
|
372 |
if (dims[i] && (new_num_elements/dims[i] != num_elements)) |
392 |
if (-1 == check_overflow_mult_i (num_elements, dims[i], &num_elements)) |
373 |
{ |
393 |
{ |
374 |
throw_size_error (SL_Index_Error); |
394 |
throw_size_error (SL_Index_Error); |
375 |
free_array (at); |
395 |
free_array (at); |
376 |
return NULL; |
396 |
return NULL; |
377 |
} |
397 |
} |
378 |
num_elements = new_num_elements; |
|
|
379 |
} |
398 |
} |
380 |
|
399 |
|
381 |
/* Now set the rest of the unused dimensions to 1. This makes it easier |
400 |
/* Now set the rest of the unused dimensions to 1. This makes it easier |
Lines 395-402
SLang_create_array1 (SLtype type, int read_only, VOID_STAR data,
Link Here
|
395 |
return at; |
414 |
return at; |
396 |
} |
415 |
} |
397 |
|
416 |
|
398 |
size = (num_elements * sizeof_type); |
417 |
/* SLmalloc is currently limited to the use of unsigned integers. |
399 |
if ((size/sizeof_type != num_elements) || (size < 0)) |
418 |
* So include the size of the type as well. |
|
|
419 |
*/ |
420 |
if (-1 == check_overflow_mult_i (num_elements, sizeof_type, &size)) |
400 |
{ |
421 |
{ |
401 |
throw_size_error (SL_INVALID_PARM); |
422 |
throw_size_error (SL_INVALID_PARM); |
402 |
free_array (at); |
423 |
free_array (at); |
Lines 1103-1109
convert_nasty_index_objs (SLang_Array_Type *at,
Link Here
|
1103 |
total_num_elements = 1; |
1124 |
total_num_elements = 1; |
1104 |
for (i = 0; i < num_indices; i++) |
1125 |
for (i = 0; i < num_indices; i++) |
1105 |
{ |
1126 |
{ |
1106 |
SLuindex_Type new_total_num_elements; |
|
|
1107 |
SLang_Object_Type *obj = index_objs + i; |
1127 |
SLang_Object_Type *obj = index_objs + i; |
1108 |
range_delta_buf [i] = 0; |
1128 |
range_delta_buf [i] = 0; |
1109 |
|
1129 |
|
Lines 1145-1157
convert_nasty_index_objs (SLang_Array_Type *at,
Link Here
|
1145 |
} |
1165 |
} |
1146 |
} |
1166 |
} |
1147 |
|
1167 |
|
1148 |
new_total_num_elements = total_num_elements * max_dims[i]; |
1168 |
if (-1 == check_overflow_mult_ui (total_num_elements, max_dims[i], &total_num_elements)) |
1149 |
if (max_dims[i] && (new_total_num_elements/max_dims[i] != total_num_elements)) |
|
|
1150 |
{ |
1169 |
{ |
1151 |
throw_size_error (SL_INVALID_PARM); |
1170 |
throw_size_error (SL_INVALID_PARM); |
1152 |
return -1; |
1171 |
return -1; |
1153 |
} |
1172 |
} |
1154 |
total_num_elements = new_total_num_elements; |
|
|
1155 |
} |
1173 |
} |
1156 |
|
1174 |
|
1157 |
*num_elements = total_num_elements; |
1175 |
*num_elements = total_num_elements; |