
ruby-changes:40996

From: nobu <ko1@a...>
Date: Sun, 13 Dec 2015 18:23:44 +0900 (JST)
Subject: [ruby-changes:40996] nobu:r53075 (trunk): tkutil.c: check args

nobu	2015-12-13 18:23:36 +0900 (Sun, 13 Dec 2015)

  New Revision: 53075

  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=53075

  Log:
    tkutil.c: check args
    
    * ext/tk/tkutil/tkutil.c (cbsubst_table_setup): check types of
      argument elements.  reported by Marcin 'Icewall' Noga of Cisco
      Talos.

  Modified files:
    trunk/ChangeLog
    trunk/ext/tk/tkutil/tkutil.c
Index: ChangeLog
===================================================================
--- ChangeLog	(revision 53074)
+++ ChangeLog	(revision 53075)
@@ -1,3 +1,9 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1
+Sun Dec 13 18:23:37 2015  Nobuyoshi Nakada  <nobu@r...>
+
+	* ext/tk/tkutil/tkutil.c (cbsubst_table_setup): check types of
+	  argument elements.  reported by Marcin 'Icewall' Noga of Cisco
+	  Talos.
+
 Sun Dec 13 18:19:20 2015  Nobuyoshi Nakada  <nobu@r...>
 
 	* ext/win32ole/win32ole.c (ole_vstr2wc): check argument type, vstr
Index: ext/tk/tkutil/tkutil.c
===================================================================
--- ext/tk/tkutil/tkutil.c	(revision 53074)
+++ ext/tk/tkutil/tkutil.c	(revision 53075)
@@ -1564,7 +1564,7 @@ cbsubst_table_setup(argc, argv, self) https://github.com/ruby/ruby/blob/trunk/ext/tk/tkutil/tkutil.c#L1564
   volatile VALUE key_inf;
   volatile VALUE longkey_inf;
   volatile VALUE proc_inf;
-  VALUE inf;
+  VALUE inf, subst, name, type, ivar, proc;
   const VALUE *infp;
   ID id;
   struct cbsubst_info *subst_inf;
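Review bot: `proc` is added to the declaration list, but none of the hunks in this patch assigns or reads it, so as shown it is an unused local. The two loops patched below gain a length check and copy their elements into `subst`/`name`/`type`/`ivar`; if the loop over `proc_inf` (outside these hunks) still indexes the element array directly, it presumably needs the same `if (RARRAY_LEN(inf) < 2) continue;` guard and a copy into `type` and `proc`. Otherwise drop `proc` from the declaration. The function body starts and ends outside this hunk, so this is inferred from the visible lines only.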
@@ -1598,14 +1598,18 @@ cbsubst_table_setup(argc, argv, self) https://github.com/ruby/ruby/blob/trunk/ext/tk/tkutil/tkutil.c#L1598
   for(idx = 0; idx < len; idx++) {
     inf = RARRAY_AREF(key_inf, idx);
     if (!RB_TYPE_P(inf, T_ARRAY)) continue;
+    if (RARRAY_LEN(inf) < 3) continue;
     infp = RARRAY_CONST_PTR(inf);
+    subst = infp[0];
+    type = infp[1];
+    ivar = infp[2];
 
-    chr = NUM2CHR(infp[0]);
-    subst_inf->type[chr] = NUM2CHR(infp[1]);
+    chr = NUM2CHR(subst);
+    subst_inf->type[chr] = NUM2CHR(type);
 
     subst_inf->full_subst_length += 3;
 
-    id = SYM2ID(infp[2]);
+    id = SYM2ID(ivar);
     subst_inf->ivar[chr] = rb_intern_str(rb_sprintf("@%"PRIsVALUE, rb_id2str(id)));
 
     rb_attr(self, id, 1, 0, Qtrue);
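Review bot: `chr` is used to index `subst_inf->type[]` and `subst_inf->ivar[]` straight after `NUM2CHR(subst)` with no range check on the converted value. The long-key loop further down assigns its slots as `0x80 + idx`, so a short key of 0x80 or above would land in a slot that a long key later overwrites. If `chr` is declared as plain `char` (its declaration is outside this hunk), such a value would also turn into a negative index. If short keys are meant to be ASCII, reject anything else right after the conversion: `if ((unsigned char)chr >= 0x80) rb_raise(rb_eArgError, "short key out of range");`. The enclosing function starts and ends outside the hunk.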
@@ -1622,17 +1626,22 @@ cbsubst_table_setup(argc, argv, self) https://github.com/ruby/ruby/blob/trunk/ext/tk/tkutil/tkutil.c#L1626
   for(idx = 0; idx < len; idx++) {
     inf = RARRAY_AREF(longkey_inf, idx);
     if (!RB_TYPE_P(inf, T_ARRAY)) continue;
+    if (RARRAY_LEN(inf) < 3) continue;
     infp = RARRAY_CONST_PTR(inf);
+    name = infp[0];
+    type = infp[1];
+    ivar = infp[2];
 
+    Check_Type(name, T_STRING);
     chr = (unsigned char)(0x80 + idx);
-    subst_inf->keylen[chr] = RSTRING_LEN(infp[0]);
-    subst_inf->key[chr] = strndup(RSTRING_PTR(infp[0]),
-				  RSTRING_LEN(infp[0]));
-    subst_inf->type[chr] = NUM2CHR(infp[1]);
+    subst_inf->keylen[chr] = RSTRING_LEN(name);
+    subst_inf->key[chr] = strndup(RSTRING_PTR(name),
+				  RSTRING_LEN(name));
+    subst_inf->type[chr] = NUM2CHR(type);
 
     subst_inf->full_subst_length += (subst_inf->keylen[chr] + 2);
 
-    id = SYM2ID(infp[2]);
+    id = SYM2ID(ivar);
     subst_inf->ivar[chr] = rb_intern_str(rb_sprintf("@%"PRIsVALUE, rb_id2str(id)));
 
     rb_attr(self, id, 1, 0, Qtrue);
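Review bot: The result of `strndup()` is stored in `subst_inf->key[chr]` without a NULL check, while `keylen[chr]` already holds a non-zero length, so an allocation failure leaves a table entry that later code would presumably read through a null pointer. Add `if (!subst_inf->key[chr]) rb_memerror();` after the call. Separately, `chr = (unsigned char)(0x80 + idx)` wraps once `idx` reaches 0x80, and no bound on `len` is visible in this hunk; a guard such as `if (idx >= 0x80) rb_raise(rb_eArgError, "too many long keys");` would stop entries past the 128th from overwriting the short-key slots. The new `Check_Type` and `NUM2CHR` can raise after earlier iterations have already called `strndup`, so it is worth confirming outside the hunk that `subst_inf` and its keys are released on that path.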
