Properly check for an integer overflow in Chunk#initialize.

[ruby-eet.git] / ext / ext.c

diff --git a/ext/ext.c b/ext/ext.c
index 63096a7e744cd9cad366a946c97bf217036f630a..12b850014f25ae4aa0fa5d8c023793583c7c91fb 100644 (file)
--- a/ext/ext.c
+++ b/ext/ext.c
@@ -1,5 +1,5 @@
 /*
- * $Id: ext.c 67 2005-06-29 15:44:09Z tilman $
+ * $Id: ext.c 68 2005-06-29 16:50:47Z tilman $
  *
  * Copyright (c) 2005 Tilman Sauerbeck (tilman at code-monkey de)
  *
@@ -467,7 +467,7 @@ stream_serialize (VALUE self)
 static VALUE
 chunk_init (VALUE self, VALUE tag, VALUE data)
 {
-       unsigned long len;
+       long tag_len, data_len, tmp;
 
        StringValue (tag);
        StringValue (data);
@@ -478,8 +478,11 @@ chunk_init (VALUE self, VALUE tag, VALUE data)
        /* libeet uses a signed 32bit integer to store the
         * chunk size, so make sure we don't overflow it
         */
-       len = RSTRING (tag)->len + 1 + RSTRING (data)->len;
-       if (len < 0 || len >= 2147483647L)
+       tag_len = RSTRING (tag)->len;
+       data_len = RSTRING (data)->len;
+       tmp = tag_len + 1 + data_len;
+
+       if (tmp < tag_len || tmp < data_len || tmp < 1 || tmp >= 2147483647L)
                rb_raise (rb_eArgError, "tag or data too long");
 
        rb_ivar_set (self, id_tag, rb_str_dup_frozen (tag));