[gnumeric] MUNIT: protect against overflow.
- From: Morten Welinder <mortenw src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnumeric] MUNIT: protect against overflow.
- Date: Mon, 2 Aug 2010 15:14:10 +0000 (UTC)
commit 4e1aa5dca9df939e575748091a657c87bcf789af
Author: Morten Welinder <terra gnome org>
Date: Thu Jul 29 09:41:50 2010 -0400
MUNIT: protect against overflow.
plugins/fn-math/ChangeLog | 4 ++++
plugins/fn-math/functions.c | 13 ++++++++++---
2 files changed, 14 insertions(+), 3 deletions(-)
---
diff --git a/plugins/fn-math/ChangeLog b/plugins/fn-math/ChangeLog
index bb4796c..d324fcb 100644
--- a/plugins/fn-math/ChangeLog
+++ b/plugins/fn-math/ChangeLog
@@ -2,6 +2,10 @@
* Release 1.10.8
+2010-07-29 Morten Welinder <terra gnome org>
+
+ * functions.c (gnumeric_munit): Protect against overflow.
+
2010-07-23 Andreas J. Guelzow <aguelzow pyrshep ca>
* functions.c (help_trunc): fix argument description
diff --git a/plugins/fn-math/functions.c b/plugins/fn-math/functions.c
index a1005ca..20b5666 100644
--- a/plugins/fn-math/functions.c
+++ b/plugins/fn-math/functions.c
@@ -2780,13 +2780,20 @@ static GnmValue *
gnumeric_munit (GnmFuncEvalInfo *ei, GnmValue const * const *argv)
{
gnm_float n = value_get_as_float (argv[0]);
- gint ni = (int) n, c;
-
+ gint c, ni;
GnmValue *res;
if (n <= 0)
- return value_new_error_NUM (ei->pos);;
+ return value_new_error_NUM (ei->pos);
+
+ /*
+ * This provides some protection against bogus sizes and
+ * running out of memory.
+ */
+ if (n * n >= G_MAXINT)
+ return value_new_error_NUM (ei->pos);
+ ni = (int)n;
res = value_new_array (ni, ni);
for (c = 0; c < ni; ++c) {
value_release (res->v_array.vals[c][c]);
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]