|
|
|
|
--- !ditz.rubyforge.org,2008-03-06/issue
|
|
|
|
|
title: check for maximum size when allocating (or resizing) buffers and strings
|
|
|
|
|
desc: |-
|
|
|
|
|
Currently the implementation adds the header overhead to the requested
|
|
|
|
|
allocation size before allocating. If the result overflows, an undersize
|
|
|
|
|
allocation happens -- the allocation size does not even cover the heap
|
|
|
|
|
header.
|
|
|
|
|
|
|
|
|
|
This applies to both buffers and strings.
|
|
|
|
|
type: :bugfix
|
|
|
|
|
component: duk
|
|
|
|
|
release: v0.7
|
|
|
|
|
reporter: sva <sami.vaarala@poplatek.fi>
|
|
|
|
|
status: :unstarted
|
|
|
|
|
disposition:
|
|
|
|
|
creation_time: 2013-08-01 21:19:35.438114 Z
|
|
|
|
|
references: []
|
|
|
|
|
|
|
|
|
|
id: 7a8c6688d5b86d9d2403b286d0dc00f44fad5f7b
|
|
|
|
|
log_events:
|
|
|
|
|
- - 2013-08-01 21:19:35.690953 Z
|
|
|
|
|
- sva <sami.vaarala@poplatek.fi>
|
|
|
|
|
- created
|
|
|
|
|
- ""
|
|
|
|
|
- - 2013-08-01 21:33:35.017475 Z
|
|
|
|
|
- sva <sami.vaarala@poplatek.fi>
|
|
|
|
|
- commented
|
|
|
|
|
- |-
|
|
|
|
|
The string pushing implementation has a size overflow problem but also
|
|
|
|
|
another problem: the string length is passed around as a duk_u32 which
|
|
|
|
|
will incorrectly clamp on 64-bit platforms.
|
|
|
|
|
|
|
|
|
|
The two bugs can be fixed by imposing a maximum size limit for strings
|
|
|
|
|
which is less than the duk_u32 range (we don't support strings longer
|
|
|
|
|
than 2**32 anyway). Another alternative is to change the internal
|
|
|
|
|
string helpers to use a size_t.
|
|
|
|
|
- - 2013-08-27 20:40:01.277065 Z
|
|
|
|
|
- sva <sami.vaarala@poplatek.fi>
|
|
|
|
|
- assigned to release v0.7 from v0.6
|
|
|
|
|
- ""
|
