--- !ditz.rubyforge.org,2008-03-06/issue
title: check for maximum size when allocating (or resizing) buffers and strings
desc: |-
  Currently the implementation adds the header overhead to the requested
  allocation size before allocating. If the result overflows, an undersize
  allocation happens -- the allocation size does not even cover the heap
  header. This applies to both buffers and strings.
type: :bugfix
component: duk
release: v0.7
reporter: sva
status: :unstarted
disposition:
creation_time: 2013-08-01 21:19:35.438114 Z
references: []

id: 7a8c6688d5b86d9d2403b286d0dc00f44fad5f7b
log_events:
- - 2013-08-01 21:19:35.690953 Z
  - sva
  - created
  - ""
- - 2013-08-01 21:33:35.017475 Z
  - sva
  - commented
  - |-
    The string pushing implementation has a size overflow problem but also
    another problem: the string length is passed around as a duk_u32 which
    will incorrectly clamp on 64-bit platforms. The two bugs can be fixed by
    imposing a maximum size limit for strings which is less than the duk_u32
    range (we don't support strings longer than 2**32 anyway). Another
    alternative is to change the internal string helpers to use a size_t.
- - 2013-08-27 20:40:01.277065 Z
  - sva
  - assigned to release v0.7 from v0.6
  - ""