Tobias Stoeckmann f7b84fcc67 Fixed segfault during excessive evaluation.
It is possible to trigger a segmentation fault while processing
an evaluation of a repeating string. On a Linux 64 bit system,
enter this (or adjust arguments for 32 bit accordingly):

/eval -n ${repeat:1073741824,----}

It will overflow an integer calculation because int instead of
size_t is used. Proper check of int limitations fixes this issue.

I haven't changed this specific piece of code to size_t because it
would crash in other parts of the code tree instead. For now, int
is a limiting factor when it comes to strings (and should be
enough for sane use cases).

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
2019-09-17 21:26:52 +02:00
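
The int limit check described in the commit message, as an added example that is not the project's own code. The function names `repeat_size_unchecked` and `repeat_checked` are hypothetical; the values 4 and 1073741824 are the length of `----` and the count from the `/eval` line above, and a 32-bit `int` is assumed.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Buffer size the unchecked int math ends up with: length * count + 1
 * truncated to 32 bits. Computed in uint64_t so this demo has no UB. */
int repeat_size_unchecked(int length, int count)
{
    uint64_t wide = (uint64_t)length * (uint64_t)count + 1;
    return (int)(uint32_t)wide;
}

/* Hypothetical hardened repeat: NULL if the result does not fit in int. */
char *repeat_checked(const char *string, int count)
{
    size_t len;
    int length, size, i;
    char *result;

    if (!string || count < 0)
        return NULL;
    len = strlen(string);
    if (len > (size_t)INT_MAX)
        return NULL;
    length = (int)len;
    if (length == 0 || count == 0)
        return calloc(1, 1);            /* empty string */
    /* Reject before multiplying: need length * count + 1 <= INT_MAX. */
    if (count > (INT_MAX - 1) / length)
        return NULL;
    size = length * count + 1;
    result = malloc((size_t)size);
    if (!result)
        return NULL;
    for (i = 0; i < count; i++)
        memcpy(result + (size_t)i * (size_t)length, string, (size_t)length);
    result[size - 1] = '\0';
    return result;
}

int main(void)
{
    /* 4 * 1073741824 = 2^32, which truncates to 0; plus 1 gives 1 byte. */
    printf("unchecked size: %d\n", repeat_size_unchecked(4, 1073741824));
    printf("checked: %s\n",
           repeat_checked("----", 1073741824) ? "allocated" : "rejected");
    return 0;
}
```

With the unchecked size, a 1-byte buffer would receive 4 GiB of copies, which is the crash the commit message reports; the division-based test refuses the request before any multiplication happens.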