ruby-changes:47598
From: rhe <ko1@a...>
Date: Fri, 1 Sep 2017 17:16:43 +0900 (JST)
Subject: [ruby-changes:47598] rhe:r59714 (trunk): object.c: fix potential oob write in rb_str_to_dbl()
rhe 2017-09-01 17:16:38 +0900 (Fri, 01 Sep 2017) New Revision: 59714 https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=59714 Log: object.c: fix potential oob write in rb_str_to_dbl() Ensure space for the terminating NUL byte. Note that this code path is reachable only when Ruby is compiled with SHARABLE_MIDDLE_SUBSTRING=1. Modified files: trunk/object.c Index: object.c =================================================================== --- object.c (revision 59713) +++ object.c (revision 59714) @@ -3302,7 +3302,7 @@ rb_str_to_dbl(VALUE str, int badcheck) https://github.com/ruby/ruby/blob/trunk/object.c#L3302 rb_raise(rb_eArgError, "string for Float contains null byte"); } if (s[len]) { /* no sentinel somehow */ - char *p = ALLOCV(v, len); + char *p = ALLOCV(v, (size_t)len + 1); MEMCPY(p, s, char, len); p[len] = '\0'; s = p; -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/