Buffer overrun in bignum_to_string with negative numbers.

Juan Jose Garcia Ripoll 2010-12-17 23:54:55 +01:00
parent ba200e2d07
commit fab0592bc3


@ -27,7 +27,9 @@ bignum_to_string(cl_object buffer, cl_object x, cl_object base)
}
str_size = mpz_sizeinbase(x->big.big_num, b);
buffer = _ecl_ensure_buffer(buffer, str_size+1);
if (str_size <= 63) {
if (str_size <= 62) {
/* With the leading sign and the trailing null character,
* only 62 digits fit in this buffer. */
char txt[64];
mpz_get_str(txt, b, x->big.big_num);
_ecl_string_push_c_string(buffer, txt);
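Review bot: The corrected bound `str_size <= 62` and the array size in `char txt[64]` are linked only by the comment, so a later edit to either number can silently bring back the overrun this commit fixes. GMP documents that `mpz_get_str` needs `mpz_sizeinbase(op, base) + 2` bytes (sign plus terminating null), so the test is safer written in those terms, for example by declaring the array before the test and using `if (str_size + 2 <= sizeof(txt)) {`. The branch taken for larger values is outside this hunk; if it sizes its scratch buffer from `str_size`, it presumably needs the same `+ 2` and is worth checking alongside this change. bignum_to_string starts and ends outside the hunk.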