From 7c4cc505dbf67f9a0c09583588c9697d9f239a07 Mon Sep 17 00:00:00 2001 From: Roberto Ierusalimschy Date: Thu, 20 Jun 2013 12:06:51 -0300 Subject: [PATCH] added "reasonable" limit for 'string.rep' (otherwise it is too easy to crash the machine) --- lstrlib.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/lstrlib.c b/lstrlib.c index cb27492c..8ca34691 100644 --- a/lstrlib.c +++ b/lstrlib.c @@ -1,11 +1,12 @@ /* -** $Id: lstrlib.c,v 1.180 2013/06/07 14:51:10 roberto Exp roberto $ +** $Id: lstrlib.c,v 1.181 2013/06/19 14:29:01 roberto Exp roberto $ ** Standard library for string operations and pattern-matching ** See Copyright Notice in lua.h */ #include +#include #include #include #include @@ -102,8 +103,12 @@ static int str_upper (lua_State *L) { } -/* reasonable limit to avoid arithmetic overflow */ -#define MAXSIZE ((~(size_t)0) >> 1) +/* reasonable limit to avoid arithmetic overflow and strings too big */ +#if INT_MAX / 2 <= 0x10000000 +#define MAXSIZE ((size_t)(INT_MAX / 2)) +#else +#define MAXSIZE ((size_t)0x10000000) +#endif static int str_rep (lua_State *L) { size_t l, lsep;