From bef0d03b4796b78cc2b1b28c680d528d8e9cda21 Mon Sep 17 00:00:00 2001
From: matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Wed, 7 Dec 2005 08:42:42 +0000
Subject: * sprintf.c (rb_f_sprintf): [ruby-dev:27967]

* sprintf.c (rb_str_format): integer overflow check added.

* sprintf.c (GETASTER): ditto.


git-svn-id: http://svn.ruby-lang.org/repos/ruby/branches/ruby_1_8@9655 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 sprintf.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'sprintf.c')

diff --git a/sprintf.c b/sprintf.c
index eddb7c33c..9746d189e 100644
--- a/sprintf.c
+++ b/sprintf.c
@@ -113,10 +113,11 @@ sign_bits(base, p)
     t = p++; \
     n = 0; \
     for (; p < end && ISDIGIT(*p); p++) { \
-	if ((n*10) / 10 != n) { \
+	int next_n = 10 * n + (*p - '0'); \
+        if (next_n / 10 != n) {\
 	    rb_raise(rb_eArgError, #val " too big"); \
 	} \
-	n = 10 * n + (*p - '0'); \
+	n = next_n; \
     } \
     if (p >= end) { \
 	rb_raise(rb_eArgError, "malformed format string - %%*[0-9]"); \
@@ -312,7 +313,8 @@ rb_f_sprintf(argc, argv)
 	  case '5': case '6': case '7': case '8': case '9':
 	    n = 0;
 	    for (; p < end && ISDIGIT(*p); p++) {
-		if ((n*10) / 10 != n) {
+		int next_n = 10 * n + (*p - '0');
+		if (next_n / 10 != n) {
 		    rb_raise(rb_eArgError, "width too big");
 		}
 		n = 10 * n + (*p - '0');
-- 
cgit