ruby-changes:30582
From: nobu <ko1@a...>
Date: Fri, 23 Aug 2013 17:18:05 +0900 (JST)
Subject: [ruby-changes:30582] nobu:r42662 (trunk): win32ole.c: check method name length
nobu 2013-08-23 17:17:53 +0900 (Fri, 23 Aug 2013) New Revision: 42662 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=42662 Log: win32ole.c: check method name length * ext/win32ole/win32ole.c (fole_missing): reject too long method name, as Ruby string length is limited to long. Modified files: trunk/ext/win32ole/win32ole.c Index: ext/win32ole/win32ole.c =================================================================== --- ext/win32ole/win32ole.c (revision 42661) +++ ext/win32ole/win32ole.c (revision 42662) @@ -4073,7 +4073,7 @@ fole_missing(int argc, VALUE *argv, VALU https://github.com/ruby/ruby/blob/trunk/ext/win32ole/win32ole.c#L4073 { ID id; const char* mname; - int n; + size_t n; rb_check_arity(argc, 1, UNLIMITED_ARGUMENTS); id = rb_to_id(argv[0]); mname = rb_id2name(id); @@ -4081,14 +4081,19 @@ fole_missing(int argc, VALUE *argv, VALU https://github.com/ruby/ruby/blob/trunk/ext/win32ole/win32ole.c#L4081 rb_raise(rb_eRuntimeError, "fail: unknown method or property"); } n = strlen(mname); +#if SIZEOF_SIZE_T > SIZEOF_LONG + if (n >= LONG_MAX) { + rb_raise(rb_eRuntimeError, "too long method or property name"); + } +#endif if(mname[n-1] == '=') { rb_check_arity(argc, 2, 2); - argv[0] = rb_enc_str_new(mname, n-1, cWIN32OLE_enc); + argv[0] = rb_enc_str_new(mname, (long)(n-1), cWIN32OLE_enc); return ole_propertyput(self, argv[0], argv[1]); } else { - argv[0] = rb_enc_str_new(mname, n, cWIN32OLE_enc); + argv[0] = rb_enc_str_new(mname, (long)n, cWIN32OLE_enc); return ole_invoke(argc, argv, self, DISPATCH_METHOD|DISPATCH_PROPERTYGET, FALSE); } } -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/