ruby-changes:33221
From: nobu <ko1@a...>
Date: Sun, 9 Mar 2014 13:51:20 +0900 (JST)
Subject: [ruby-changes:33221] nobu:r45300 (trunk): fiddle/function.c: check argument size
nobu 2014-03-09 13:51:17 +0900 (Sun, 09 Mar 2014) New Revision: 45300 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=45300 Log: fiddle/function.c: check argument size * ext/fiddle/function.c (initialize): check argument number if the temporary buffer exceeds size_t max. Modified files: trunk/ext/fiddle/function.c Index: ext/fiddle/function.c =================================================================== --- ext/fiddle/function.c (revision 45299) +++ ext/fiddle/function.c (revision 45300) @@ -11,6 +11,18 @@ https://github.com/ruby/ruby/blob/trunk/ext/fiddle/function.c#L11 VALUE cFiddleFunction; +#define MAX_ARGS (SIZE_MAX / (sizeof(void *) + sizeof(fiddle_generic)) - 1) + +#define Check_Max_Args(name, len) \ + if ((size_t)(len) < MAX_ARGS) { \ + /* OK */ \ + } \ + else { \ + rb_raise(rb_eTypeError, \ + name" is so large that it can cause integer overflow (%d)", \ + (len)); \ + } + static void deallocate(void *p) { @@ -84,6 +96,7 @@ initialize(int argc, VALUE argv[], VALUE https://github.com/ruby/ruby/blob/trunk/ext/fiddle/function.c#L96 if(NIL_P(abi)) abi = INT2NUM(FFI_DEFAULT_ABI); Check_Type(args, T_ARRAY); + Check_Max_Args("args", RARRAY_LENINT(args)); rb_iv_set(self, "@ptr", ptr); rb_iv_set(self, "@args", args); @@ -129,6 +142,7 @@ function_call(int argc, VALUE argv[], VA https://github.com/ruby/ruby/blob/trunk/ext/fiddle/function.c#L142 types = rb_iv_get(self, "@args"); cPointer = rb_const_get(mFiddle, rb_intern("Pointer")); + Check_Max_Args("number of arguments", argc); if(argc != RARRAY_LENINT(types)) { rb_raise(rb_eArgError, "wrong number of arguments (%d for %d)", argc, RARRAY_LENINT(types)); -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/