ref: e1793107f2a836afa89be87e5e042eee2ab3166d
parent: cc5869fb55f5cde49859f484efc158083ff75251
author: Ori Bernstein <[email protected]>
date: Sun Sep 14 19:15:20 EDT 2014
Fix buffer overruns.
--- a/libstd/bigint.myr
+++ b/libstd/bigint.myr
@@ -283,7 +283,11 @@
/* guaranteed to carry no more than one value */
a.dig = slzgrow(a.dig, n + 1)
for i = 0; i < n; i++
- v = (a.dig[i] castto(uint64)) + (b.dig[i] castto(uint64)) + carry;
+ v = (a.dig[i] castto(uint64)) + carry;
+ if i < b.dig.len
+ v += (b.dig[i] castto(uint64))
+ ;;
+
if v >= Base
carry = 1
else
@@ -328,7 +332,10 @@
carry = 0
for i = 0; i < a.dig.len; i++
- v = (a.dig[i] castto(int64)) - (b.dig[i] castto(int64)) - carry
+ v = (a.dig[i] castto(int64)) - carry
+ if i < b.dig.len
+ v -= (b.dig[i] castto(int64))
+ ;;
if v < 0
carry = 1
else
@@ -445,6 +452,7 @@
shift = nlz(v.dig[n - 1])
bigshli(u, shift)
bigshli(v, shift)
+ u.dig = slzgrow(u.dig, u.dig.len + 1)
for j = m - n; j >= 0; j--
/* load a few temps */
x = u.dig[j + n] castto(uint64)
--- a/libstd/sort.myr
+++ b/libstd/sort.myr
@@ -35,8 +35,8 @@
var tmp
r = start
- while 2*r + 1 <= sl.len
- c = r*2 + 1
+ while 2*r + 1 < sl.len
+ c = 2*r + 1
s = r
match cmp(sl[s], sl[c])
| `Before: s = c