ruby-changes:42200

usa	2016-03-25 18:19:56 +0900 (Fri, 25 Mar 2016)

  New Revision: 54274

  https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=54274

  Log:
    merge revision(s) 54105,54108,54136,54138: [Backport #12188]
    
    * marshal.c (r_object0): Fix Marshal crash for corrupt extended object.
    
    * marshal.c (r_object0):  raise ArgumentError when linking to undefined
      object.

  Modified directories:
    branches/ruby_2_1/
  Modified files:
    branches/ruby_2_1/ChangeLog
    branches/ruby_2_1/marshal.c
    branches/ruby_2_1/test/ruby/test_marshal.rb
    branches/ruby_2_1/version.h
Index: ruby_2_1/version.h
===================================================================
--- ruby_2_1/version.h	(revision 54273)
+++ ruby_2_1/version.h	(revision 54274)
@@ -1,6 +1,6 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_1/version.h#L1
 #define RUBY_VERSION "2.1.9"
 #define RUBY_RELEASE_DATE "2016-03-25"
-#define RUBY_PATCHLEVEL 471
+#define RUBY_PATCHLEVEL 472
 
 #define RUBY_RELEASE_YEAR 2016
 #define RUBY_RELEASE_MONTH 3
Index: ruby_2_1/marshal.c
===================================================================
--- ruby_2_1/marshal.c	(revision 54273)
+++ ruby_2_1/marshal.c	(revision 54274)
@@ -1515,6 +1515,7 @@ r_object0(struct load_arg *arg, int *ivp https://github.com/ruby/ruby/blob/trunk/ruby_2_1/marshal.c#L1515
 	{
 	    VALUE path = r_unique(arg);
 	    VALUE m = rb_path_to_class(path);
+	    if (NIL_P(extmod)) extmod = rb_ary_tmp_new(0);
 
 	    if (RB_TYPE_P(m, T_CLASS)) { /* prepended */
 		VALUE c;
@@ -1534,7 +1535,6 @@ r_object0(struct load_arg *arg, int *ivp https://github.com/ruby/ruby/blob/trunk/ruby_2_1/marshal.c#L1535
 	    }
 	    else {
 		must_be_module(m, path);
-		if (NIL_P(extmod)) extmod = rb_ary_tmp_new(0);
 		rb_ary_push(extmod, m);
 
 		v = r_object0(arg, 0, extmod);
@@ -1894,6 +1894,11 @@ r_object0(struct load_arg *arg, int *ivp https://github.com/ruby/ruby/blob/trunk/ruby_2_1/marshal.c#L1894
 	rb_raise(rb_eArgError, "dump format error(0x%x)", type);
 	break;
     }
+
+    if (v == Qundef) {
+	rb_raise(rb_eArgError, "dump format error (bad link)");
+    }
+
     return v;
 }
 
Index: ruby_2_1/ChangeLog
===================================================================
--- ruby_2_1/ChangeLog	(revision 54273)
+++ ruby_2_1/ChangeLog	(revision 54274)
@@ -1,3 +1,12 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_1/ChangeLog#L1
+Fri Mar 25 18:18:29 2016  Eric Hodel  <drbrain@s...>
+
+	* marshal.c (r_object0):  raise ArgumentError when linking to undefined
+	  object.
+
+Fri Mar 25 18:18:29 2016  Eric Hodel  <drbrain@s...>
+
+	* marshal.c (r_object0): Fix Marshal crash for corrupt extended object.
+
 Fri Mar 25 18:07:48 2016  Yutaka Kanemoto  <kanemoto@r...>
 
 	* cont.c (rb_fiber_struct): keep context.uc_stack.ss_sp and context.uc_stack.ss_size
Index: ruby_2_1/test/ruby/test_marshal.rb
===================================================================
--- ruby_2_1/test/ruby/test_marshal.rb	(revision 54273)
+++ ruby_2_1/test/ruby/test_marshal.rb	(revision 54274)
@@ -1,5 +1,6 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_1/test/ruby/test_marshal.rb#L1
 require 'test/unit'
 require 'tempfile'
+require_relative 'envutil'
 require_relative 'marshaltestlib'
 
 class TestMarshal < Test::Unit::TestCase
@@ -612,4 +613,22 @@ class TestMarshal < Test::Unit::TestCase https://github.com/ruby/ruby/blob/trunk/ruby_2_1/test/ruby/test_marshal.rb#L613
     obj = [str, str]
     assert_equal(['X', 'X'], Marshal.load(Marshal.dump(obj), ->(v) { v == str ? v.upcase : v }))
   end
+
+  def test_marshal_load_extended_class_crash
+    crash = "\x04\be:\x0F\x00omparableo:\vObject\x00"
+
+    opt = %w[--disable=gems]
+    assert_ruby_status(opt, "Marshal.load(#{crash.dump})")
+  end
+
+  def test_marshal_load_r_prepare_reference_crash
+    crash = "\x04\bI/\x05\x00\x06:\x06E{\x06@\x05T"
+
+    opt = %w[--disable=gems]
+    assert_separately(opt, <<-RUBY)
+      assert_raise_with_message(ArgumentError, /bad link/) do
+        Marshal.load(#{crash.dump})
+      end
+    RUBY
+  end
 end

Property changes on: ruby_2_1
___________________________________________________________________
Modified: svn:mergeinfo
   Merged /trunk:r54105,54108,54136,54138


--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/