e3716ee161
The cast of n (number of repetitions) to size_t may truncate its value, causing a buffer overflow later. Better to check the buffer size using lua_Integer, as all string lengths must fit in a lua_Integer and n already is a lua_Integer. If everything fits in MAX_SIZE, then we can safely convert n to size_t and compute the buffer size as a size_t. As a corner case, n can be larger than size_t if the strings being repeated have length zero, but in this case it will be multiplied by zero, so an overflow in the cast is irrelevant.
56 KiB
56 KiB