Attachment #8091 for bug #36424

View | Details | Raw Unified | Return to bug 36424
Collapse All | Expand All





#include "slinclud.h"
#include <math.h>
#include <limits.h>

/* #define SL_APP_WANTS_FOREACH */
#include "slang.h"

   free_array (at);
}

/* Here, a and b are assumed to be non-negative */
static int check_overflow_mult_i (SLindex_Type a, SLindex_Type b, SLindex_Type *cp)
{
   if ((a < 0) || (b < 0) || ((b > 0) && (a > INT_MAX/b)))
     return -1;

   *cp = a*b;

   return 0;
}

static int check_overflow_mult_ui (SLuindex_Type a, SLindex_Type b, SLuindex_Type *cp)
{
   if ((b < 0) || ((b > 0) && (a/(SLuindex_Type)b) > UINT_MAX))
     return -1;

   *cp = a*(SLuindex_Type)b;
   return 0;
}

SLang_Array_Type *
SLang_create_array1 (SLtype type, int read_only, VOID_STAR data,
		     SLindex_Type *dims, unsigned int num_dims, int no_init)

   num_elements = 1;
   for (i = 0; i < num_dims; i++)
     {
	SLindex_Type new_num_elements;
	at->dims[i] = dims[i];

	if (-1 == check_overflow_mult_i (num_elements, dims[i], &num_elements))
	  {
	     throw_size_error (SL_Index_Error);
	     free_array (at);
	     return NULL;
	  }
	num_elements = new_num_elements;
     }

   /* Now set the rest of the unused dimensions to 1.  This makes it easier

	return at;
     }

   /* SLmalloc is currently limited to the use of unsigned integers.
    * So include the size of the type as well.
    */
   if (-1 == check_overflow_mult_i (num_elements, sizeof_type, &size))
     {
	throw_size_error (SL_INVALID_PARM);
	free_array (at);

   total_num_elements = 1;
   for (i = 0; i < num_indices; i++)
     {
	SLuindex_Type new_total_num_elements;
	SLang_Object_Type *obj = index_objs + i;
	range_delta_buf [i] = 0;


	       }
	  }

	if (-1 == check_overflow_mult_ui (total_num_elements, max_dims[i], &total_num_elements))
	if (max_dims[i] && (new_total_num_elements/max_dims[i] != total_num_elements))
	  {
	     throw_size_error (SL_INVALID_PARM);
	     return -1;
	  }
       total_num_elements = new_total_num_elements;
     }

   *num_elements = total_num_elements;

Return to bug 36424

Lines 22-27 USA. Link Here

(-)a/src/slarray.c (-10 / +28 lines)
22		22
23	#include "slinclud.h"	23	#include "slinclud.h"
24	#include <math.h>	24	#include <math.h>
		25	#include <limits.h>
25		26
26	/* #define SL_APP_WANTS_FOREACH */	27	/* #define SL_APP_WANTS_FOREACH */
27	#include "slang.h"	28	#include "slang.h"
Lines 312-317 void SLang_free_array (SLang_Array_Type *at) Link Here
312	free_array (at);	313	free_array (at);
313	}	314	}
314		315
		316	/* Here, a and b are assumed to be non-negative */
		317	static int check_overflow_mult_i (SLindex_Type a, SLindex_Type b, SLindex_Type *cp)
		318	{
		319	if ((a < 0) \|\| (b < 0) \|\| ((b > 0) && (a > INT_MAX/b)))
		320	return -1;
		321
		322	cp = ab;
		323
		324	return 0;
		325	}
		326
		327	static int check_overflow_mult_ui (SLuindex_Type a, SLindex_Type b, SLuindex_Type *cp)
		328	{
		329	if ((b < 0) \|\| ((b > 0) && (a/(SLuindex_Type)b) > UINT_MAX))
		330	return -1;
		331
		332	cp = a(SLuindex_Type)b;
		333	return 0;
		334	}
		335
315	SLang_Array_Type *	336	SLang_Array_Type *
316	SLang_create_array1 (SLtype type, int read_only, VOID_STAR data,	337	SLang_create_array1 (SLtype type, int read_only, VOID_STAR data,
317	SLindex_Type *dims, unsigned int num_dims, int no_init)	338	SLindex_Type *dims, unsigned int num_dims, int no_init)
Lines 366-381 SLang_create_array1 (SLtype type, int read_only, VOID_STAR data, Link Here
366	num_elements = 1;	387	num_elements = 1;
367	for (i = 0; i < num_dims; i++)	388	for (i = 0; i < num_dims; i++)
368	{	389	{
369	SLindex_Type new_num_elements;
370	at->dims[i] = dims[i];	390	at->dims[i] = dims[i];
371	new_num_elements = dims[i] * num_elements;	391
372	if (dims[i] && (new_num_elements/dims[i] != num_elements))	392	if (-1 == check_overflow_mult_i (num_elements, dims[i], &num_elements))
373	{	393	{
374	throw_size_error (SL_Index_Error);	394	throw_size_error (SL_Index_Error);
375	free_array (at);	395	free_array (at);
376	return NULL;	396	return NULL;
377	}	397	}
378	num_elements = new_num_elements;
379	}	398	}
380		399
381	/* Now set the rest of the unused dimensions to 1. This makes it easier	400	/* Now set the rest of the unused dimensions to 1. This makes it easier
Lines 395-402 SLang_create_array1 (SLtype type, int read_only, VOID_STAR data, Link Here
395	return at;	414	return at;
396	}	415	}
397		416
398	size = (num_elements * sizeof_type);	417	/* SLmalloc is currently limited to the use of unsigned integers.
399	if ((size/sizeof_type != num_elements) \|\| (size < 0))	418	* So include the size of the type as well.
		419	*/
		420	if (-1 == check_overflow_mult_i (num_elements, sizeof_type, &size))
400	{	421	{
401	throw_size_error (SL_INVALID_PARM);	422	throw_size_error (SL_INVALID_PARM);
402	free_array (at);	423	free_array (at);
Lines 1103-1109 convert_nasty_index_objs (SLang_Array_Type *at, Link Here
1103	total_num_elements = 1;	1124	total_num_elements = 1;
1104	for (i = 0; i < num_indices; i++)	1125	for (i = 0; i < num_indices; i++)
1105	{	1126	{
1106	SLuindex_Type new_total_num_elements;
1107	SLang_Object_Type *obj = index_objs + i;	1127	SLang_Object_Type *obj = index_objs + i;
1108	range_delta_buf [i] = 0;	1128	range_delta_buf [i] = 0;
1109		1129
Lines 1145-1157 convert_nasty_index_objs (SLang_Array_Type *at, Link Here
1145	}	1165	}
1146	}	1166	}
1147		1167
1148	new_total_num_elements = total_num_elements * max_dims[i];	1168	if (-1 == check_overflow_mult_ui (total_num_elements, max_dims[i], &total_num_elements))
1149	if (max_dims[i] && (new_total_num_elements/max_dims[i] != total_num_elements))
1150	{	1169	{
1151	throw_size_error (SL_INVALID_PARM);	1170	throw_size_error (SL_INVALID_PARM);
1152	return -1;	1171	return -1;
1153	}	1172	}
1154	total_num_elements = new_total_num_elements;
1155	}	1173	}
1156		1174
1157	*num_elements = total_num_elements;	1175	*num_elements = total_num_elements;