Bryan O'Sullivan avatar Bryan O'Sullivan committed de7cb0c

Properly fix the int overflow bug reported by Ian

Comments (0)

Files changed (4)

     | n <= 0 || l <= 0 = empty
     | n == 1           = t
     | isSingleton t    = replicateChar n (unsafeHead t)
+    | len < n          = error $ "Data.Text.replicate: invalid length " ++
+                                 show n -- multiplication overflow
     | otherwise        = Text (A.run x) 0 len
   where
     len = l * n

Data/Text/Array.hs

 -- | Create an uninitialized mutable array.
 new :: forall s. Int -> ST s (MArray s)
 new n
-  | len < 0 = error $ "Data.Text.Array.unsafeNew: invalid length " ++ show n
+  | len < n = error $ "Data.Text.Array.unsafeNew: invalid length " ++ show n
   | otherwise = ST $ \s1# ->
        case newByteArray# len# s1# of
          (# s2#, marr# #) -> (# s2#, MArray marr#

tests/Regressions.hs

-{-# LANGUAGE ScopedTypeVariables #-}
+{-# LANGUAGE OverloadedStrings, ScopedTypeVariables #-}
 
 -- Regression tests for specific bugs.
 
 import System.IO
 import qualified Data.ByteString as B
 import qualified Data.ByteString.Lazy as LB
+import qualified Data.Text as T
 import qualified Data.Text.IO as T
 import qualified Data.Text.Lazy as LT
 import qualified Data.Text.Lazy.Encoding as LE
   handle (\(_::SomeException) -> return ()) $
     T.hGetContents h' >> assertFailure "T.hGetContents should crash"
 
+-- Reported by Ian Lynagh: attempting to allocate a sufficiently large
+-- string (via either Array.new or Text.replicate) could result in an
+-- integer overflow.
+replicate_crash = handle (\(_::SomeException) -> return ()) $
+                  T.replicate (2^power) "0123456789abcdef" `seq`
+                  assertFailure "T.replicate should crash"
+  where
+    power | maxBound == (2147483647::Int) = 28
+          | otherwise                     = 60 :: Int
+
 tests :: F.Test
 tests = F.testGroup "crashers" [
           F.testCase "hGetContents_crash" hGetContents_crash
         , F.testCase "lazy_encode_crash" lazy_encode_crash
+        , F.testCase "replicate_crash" replicate_crash
         ]
 
 main = F.defaultMain [tests]
 name:           text
-version:        0.9.0.2
+version:        0.9.0.1
 homepage:       http://code.haskell.org/text
 synopsis:       An efficient packed Unicode text type.
 description:    
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for ProjectModifiedEvent.java.
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.