Open XmiliaH opened 3 years ago
There is an integer overflow in raviH_new_integer_array at https://github.com/dibyendumajumdar/ravi/blob/56a59a1f3117a8bc88206305b94398678de1bdff/src/ltable.c#L893 When the requested array size is 0xFFFFFFFF the array being allocated is of size 0 but the initialization will segfault as can be seen from running table.intarray(0xFFFFFFFF).
raviH_new_integer_array
0xFFFFFFFF
table.intarray(0xFFFFFFFF)
The same holds for the raviH_new_number_array function.
raviH_new_number_array
Thank you for the report
dibyendumajumdar
commented
3 years ago dibyendumajumdar
commented
3 years ago
There is an integer overflow in
raviH_new_integer_arrayat https://github.com/dibyendumajumdar/ravi/blob/56a59a1f3117a8bc88206305b94398678de1bdff/src/ltable.c#L893 When the requested array size is0xFFFFFFFFthe array being allocated is of size 0 but the initialization will segfault as can be seen from runningtable.intarray(0xFFFFFFFF).The same holds for the
raviH_new_number_arrayfunction.