ruby-changes:38627
From: nobu <ko1@a...>
Date: Mon, 1 Jun 2015 10:55:44 +0900 (JST)
Subject: [ruby-changes:38627] nobu:r50708 (trunk): tkutil.c: fix out-of-bounds access
nobu 2015-06-01 10:55:10 +0900 (Mon, 01 Jun 2015) New Revision: 50708 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=50708 Log: tkutil.c: fix out-of-bounds access * ext/tk/tkutil/tkutil.c (cbsubst_table_setup): check array length not access out-of-bounds. Modified files: trunk/ext/tk/tkutil/tkutil.c Index: ext/tk/tkutil/tkutil.c =================================================================== --- ext/tk/tkutil/tkutil.c (revision 50707) +++ ext/tk/tkutil/tkutil.c (revision 50708) @@ -1617,6 +1617,7 @@ cbsubst_table_setup(argc, argv, self) https://github.com/ruby/ruby/blob/trunk/ext/tk/tkutil/tkutil.c#L1617 for(idx = 0; idx < len; idx++) { inf = RARRAY_PTR(proc_inf)[idx]; if (!RB_TYPE_P(inf, T_ARRAY)) continue; + if (RARRAY_LEN(inf) < 2) continue; rb_hash_aset(subst_inf->proc, (RB_TYPE_P(RARRAY_PTR(inf)[0], T_STRING)? INT2FIX(*(RSTRING_PTR(RARRAY_PTR(inf)[0]))) : -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/