diff options
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | cint_array.c | 2 |
2 files changed, 7 insertions, 1 deletions
@@ -4,6 +4,12 @@ (pprint): Be smarter for print[f] with redirection that was parenthesized, to not print `printf(("hello\n")) > "..."'. +2020-01-14 Andrew J. Schorr <aschorr@telemetry-investments.com> + + * cint_array.c (cint_array_init): Fix off-by-one error in array + bounds overflow check for an NHAT value set in the environment. + Thanks to Michael Builov <mbuilov@gmail.com> for the report. + 2020-01-08 Arnold D. Robbins <arnold@skeeve.com> Fix a number of subtle memory leaks. Thanks to the diff --git a/cint_array.c b/cint_array.c index 417f27d5..d7171ac8 100644 --- a/cint_array.c +++ b/cint_array.c @@ -175,7 +175,7 @@ cint_array_init(NODE *symbol ATTRIBUTE_UNUSED, NODE *subs ATTRIBUTE_UNUSED) if ((newval = getenv_long("NHAT")) > 1 && newval < INT32_BIT) NHAT = newval; /* don't allow overflow off the end of the table */ - if (NHAT >= nelems) + if (NHAT > nelems - 2) NHAT = nelems - 2; THRESHOLD = power_two_table[NHAT + 1]; } else |