ruby-changes:32786
From: nobu <ko1@a...>
Date: Thu, 6 Feb 2014 20:49:22 +0900 (JST)
Subject: [ruby-changes:32786] nobu:r44865 (trunk): gc.c: check numeric string
nobu 2014-02-06 20:49:14 +0900 (Thu, 06 Feb 2014) New Revision: 44865 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=44865 Log: gc.c: check numeric string * gc.c (get_envparam_int, get_envparam_double): check invalid string as numeric. Modified files: trunk/gc.c
Index: gc.c
===================================================================
--- gc.c (revision 44864)
+++ gc.c (revision 44865)
@@ -5652,7 +5652,19 @@ get_envparam_int(const char *name, unsig https://github.com/ruby/ruby/blob/trunk/gc.c#L5652
 int val;
 if (ptr != NULL) {
- val = atoi(ptr);
+ char *end;
+ long lval = strtol(ptr, &end, 10);
+ if (!*ptr || *end) {
+ if (RTEST(ruby_verbose)) fprintf(stderr, "invalid string for %s: %s\n", name, ptr);
+ return 0;
+ }
+# if LONG_MAX > INT_MAX
+ if (lval < INT_MIN || INT_MAX < lval) {
+ if (RTEST(ruby_verbose)) fprintf(stderr, "integer overflow for %s: %ld\n", name, lval);
+ return 0;
+ }
+# endif
+ val = (int)lval;
 if (val > lower_bound) {
 if (RTEST(ruby_verbose)) fprintf(stderr, "%s=%d (default value: %d)\n", name, val, *default_value);
 *default_value = val;
@@ -5672,7 +5684,12 @@ get_envparam_double(const char *name, do https://github.com/ruby/ruby/blob/trunk/gc.c#L5684
 double val;
 if (ptr != NULL) {
- val = strtod(ptr, NULL);
+ char *end;
+ val = strtod(ptr, &end);
+ if (!*ptr || *end) {
+ if (RTEST(ruby_verbose)) fprintf(stderr, "invalid string for %s: %s\n", name, ptr);
+ return 0;
+ }
 if (val > lower_bound) {
 if (RTEST(ruby_verbose)) fprintf(stderr, "%s=%f (%f)\n", name, val, *default_value);
 *default_value = val;
-- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
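Review bot: Overflow reported by `strtol` is not checked in the `get_envparam_int` hunk. Where `LONG_MAX == INT_MAX`, the `# if LONG_MAX > INT_MAX` range test is compiled out, so an over-long digit string comes back as `LONG_MAX`/`LONG_MIN` with `errno` set to `ERANGE` and is then treated as a valid setting. The `get_envparam_double` hunk has the same gap: `strtod` returns `HUGE_VAL` on overflow, and that satisfies `val > lower_bound`. I would set `errno = 0;` before each conversion and extend the test to `if (!*ptr || *end || errno == ERANGE) {`, assuming `<errno.h>` is already included in gc.c, which the hunks do not show. Both function bodies start and end outside their hunks.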
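Review bot: `strtod` consumes `inf`, `infinity` and `nan` in full, so the `!*ptr || *end` test in `get_envparam_double` accepts them as numeric; an infinite value then satisfies `val > lower_bound` and is written to `*default_value`. If non-finite tuning values are not intended, reject them next to the syntax check, for example `if (!*ptr || *end || !isfinite(val)) {`, which needs `<math.h>` (not visible in this hunk). The rejection message is printed only under `ruby_verbose`, so a mistyped variable is otherwise ignored silently; a short comment such as `/* invalid values are ignored; diagnostics only when verbose */` above the check would record that this is deliberate.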