mirror of https://github.com/svaarala/duktape.git
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
48 lines
1.6 KiB
48 lines
1.6 KiB
--- !ditz.rubyforge.org,2008-03-06/issue
|
|
title: check for maximum size when allocating (or resizing) buffers and strings
|
|
desc: |-
|
|
Currently the implementation adds the header overhead to the requested
|
|
allocation size before allocating. If the result overflows, an undersize
|
|
allocation happens -- the allocation size does not even cover the heap
|
|
header.
|
|
|
|
This applies to both buffers and strings.
|
|
type: :bugfix
|
|
component: duk
|
|
release: v0.8
|
|
reporter: sva <sami.vaarala@iki.fi>
|
|
status: :closed
|
|
disposition: :fixed
|
|
creation_time: 2013-08-01 21:19:35.438114 Z
|
|
references: []
|
|
|
|
id: 7a8c6688d5b86d9d2403b286d0dc00f44fad5f7b
|
|
log_events:
|
|
- - 2013-08-01 21:19:35.690953 Z
|
|
- sva <sami.vaarala@iki.fi>
|
|
- created
|
|
- ""
|
|
- - 2013-08-01 21:33:35.017475 Z
|
|
- sva <sami.vaarala@iki.fi>
|
|
- commented
|
|
- |-
|
|
The string pushing implementation has a size overflow problem but also
|
|
another problem: the string length is passed around as a duk_u32 which
|
|
will incorrectly clamp on 64-bit platforms.
|
|
|
|
The two bugs can be fixed by imposing a maximum size limit for strings
|
|
which is less than the duk_u32 range (we don't support strings longer
|
|
than 2**32 anyway). Another alternative is to change the internal
|
|
string helpers to use a size_t.
|
|
- - 2013-08-27 20:40:01.277065 Z
|
|
- sva <sami.vaarala@iki.fi>
|
|
- assigned to release v0.7 from v0.6
|
|
- ""
|
|
- - 2013-10-24 00:43:52.942732 Z
|
|
- sva <sami.vaarala@iki.fi>
|
|
- assigned to release v0.8 from v0.7
|
|
- ""
|
|
- - 2013-12-12 23:27:39.350444 Z
|
|
- sva <sami.vaarala@iki.fi>
|
|
- closed with disposition fixed
|
|
- ""
|
|
|