nagachika	2016-03-29 01:23:40 +0900 (Tue, 29 Mar 2016)

  New Revision: 54333

  https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=54333

  Log:
    merge revision(s) 54105,54108,54136,54138: [Backport #12188]
    
    * marshal.c (r_object0): Fix Marshal crash for corrupt extended object.
    
    * marshal.c (r_object0):  raise ArgumentError when linking to undefined
      object.

  Modified directories:
    branches/ruby_2_2/
  Modified files:
    branches/ruby_2_2/ChangeLog
    branches/ruby_2_2/marshal.c
    branches/ruby_2_2/test/ruby/test_marshal.rb
    branches/ruby_2_2/version.h
Index: ruby_2_2/ChangeLog
===================================================================
--- ruby_2_2/ChangeLog	(revision 54332)
+++ ruby_2_2/ChangeLog	(revision 54333)
@@ -1,3 +1,12 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_2/ChangeLog#L1
+Tue Mar 29 01:22:39 2016  Eric Hodel  <drbrain@s...>
+
+	* marshal.c (r_object0):  raise ArgumentError when linking to undefined
+	  object.
+
+Tue Mar 29 01:22:39 2016  Eric Hodel  <drbrain@s...>
+
+	* marshal.c (r_object0): Fix Marshal crash for corrupt extended object.
+
 Tue Mar 29 01:20:37 2016  Eric Wong  <e@8...>
 
 	* ext/openssl/ossl_ssl.c (ossl_sslctx_setup): document as MT-unsafe
Index: ruby_2_2/version.h
===================================================================
--- ruby_2_2/version.h	(revision 54332)
+++ ruby_2_2/version.h	(revision 54333)
@@ -1,6 +1,6 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_2/version.h#L1
 #define RUBY_VERSION "2.2.5"
 #define RUBY_RELEASE_DATE "2016-03-29"
-#define RUBY_PATCHLEVEL 275
+#define RUBY_PATCHLEVEL 276
 
 #define RUBY_RELEASE_YEAR 2016
 #define RUBY_RELEASE_MONTH 3
Index: ruby_2_2/test/ruby/test_marshal.rb
===================================================================
--- ruby_2_2/test/ruby/test_marshal.rb	(revision 54332)
+++ ruby_2_2/test/ruby/test_marshal.rb	(revision 54333)
@@ -653,4 +653,22 @@ class TestMarshal < Test::Unit::TestCase https://github.com/ruby/ruby/blob/trunk/ruby_2_2/test/ruby/test_marshal.rb#L653
     obj = [str, str]
     assert_equal(['X', 'X'], Marshal.load(Marshal.dump(obj), ->(v) { v == str ? v.upcase : v }))
   end
+
+  def test_marshal_load_extended_class_crash
+    crash = "\x04\be:\x0F\x00omparableo:\vObject\x00"
+
+    opt = %w[--disable=gems]
+    assert_ruby_status(opt, "Marshal.load(#{crash.dump})")
+  end
+
+  def test_marshal_load_r_prepare_reference_crash
+    crash = "\x04\bI/\x05\x00\x06:\x06E{\x06@\x05T"
+
+    opt = %w[--disable=gems]
+    assert_separately(opt, <<-RUBY)
+      assert_raise_with_message(ArgumentError, /bad link/) do
+        Marshal.load(#{crash.dump})
+      end
+    RUBY
+  end
 end
Index: ruby_2_2/marshal.c
===================================================================
--- ruby_2_2/marshal.c	(revision 54332)
+++ ruby_2_2/marshal.c	(revision 54333)
@@ -1582,6 +1582,7 @@ r_object0(struct load_arg *arg, int *ivp https://github.com/ruby/ruby/blob/trunk/ruby_2_2/marshal.c#L1582
 	{
 	    VALUE path = r_unique(arg);
 	    VALUE m = rb_path_to_class(path);
+	    if (NIL_P(extmod)) extmod = rb_ary_tmp_new(0);
 
 	    if (RB_TYPE_P(m, T_CLASS)) { /* prepended */
 		VALUE c;
@@ -1601,7 +1602,6 @@ r_object0(struct load_arg *arg, int *ivp https://github.com/ruby/ruby/blob/trunk/ruby_2_2/marshal.c#L1602
 	    }
 	    else {
 		must_be_module(m, path);
-		if (NIL_P(extmod)) extmod = rb_ary_tmp_new(0);
 		rb_ary_push(extmod, m);
 
 		v = r_object0(arg, 0, extmod);
@@ -1962,6 +1962,11 @@ r_object0(struct load_arg *arg, int *ivp https://github.com/ruby/ruby/blob/trunk/ruby_2_2/marshal.c#L1962
 	rb_raise(rb_eArgError, "dump format error(0x%x)", type);
 	break;
     }
+
+    if (v == Qundef) {
+	rb_raise(rb_eArgError, "dump format error (bad link)");
+    }
+
     return v;
 }
 

Property changes on: ruby_2_2
___________________________________________________________________
Modified: svn:mergeinfo
   Merged /trunk:r54105,54108,54136,54138


--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/