From fab0592bc3f1dc6da5dae1790879da678cbc128e Mon Sep 17 00:00:00 2001
From: Juan Jose Garcia Ripoll
Date: Fri, 17 Dec 2010 23:54:55 +0100
Subject: [PATCH] Buffer overrun in bignum_to_string with negative numbers.
---
src/c/printer/integer_to_string.d | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/c/printer/integer_to_string.d b/src/c/printer/integer_to_string.d
index 8ea4c7351..7896c5264 100644
--- a/src/c/printer/integer_to_string.d
+++ b/src/c/printer/integer_to_string.d
@@ -27,7 +27,9 @@ bignum_to_string(cl_object buffer, cl_object x, cl_object base)
 }
 str_size = mpz_sizeinbase(x->big.big_num, b);
 buffer = _ecl_ensure_buffer(buffer, str_size+1);
- if (str_size <= 63) {
+ if (str_size <= 62) {
+ /* With the leading sign and the trailing null character,
+ * only 62 digits fit in this buffer. */
 char txt[64];
 mpz_get_str(txt, b, x->big.big_num);
 _ecl_string_push_c_string(buffer, txt);
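Review bot: The bound `62` in the new test and the size in `char txt[64]` are still tied together only by the comment, so a later change to either number can silently reintroduce the overrun in `mpz_get_str`. Deriving the test from the buffer size keeps the allowance for the sign and the terminator next to the size it protects, for example one size constant used for both the array and a check written as `if (str_size + 2 <= TXT_SIZE) {` (the constant name is illustrative). GMP documents the required space for `mpz_get_str` as `mpz_sizeinbase(op, base) + 2`, and the comment could say so. The body of `bignum_to_string` starts and ends outside this hunk, so the large-number branch is not visible here. If it sizes its allocation from `str_size`, it should be confirmed to include the same two extra bytes.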