ruby-changes:50210
From: nobu <ko1@a...>
Date: Fri, 9 Feb 2018 12:15:24 +0900 (JST)
Subject: [ruby-changes:50210] nobu:r62328 (trunk): sprintf.c: overflow check
nobu 2018-02-09 12:15:20 +0900 (Fri, 09 Feb 2018) New Revision: 62328 https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=62328 Log: sprintf.c: overflow check * sprintf.c (ruby_do_vsnprintf): pathologically, get rid of negative value when the result length exceeds INT_MAX. Modified files: trunk/sprintf.c Index: sprintf.c =================================================================== --- sprintf.c (revision 62327) +++ sprintf.c (revision 62328) @@ -1275,7 +1275,7 @@ ruby_vsnprintf(char *str, size_t n, cons https://github.com/ruby/ruby/blob/trunk/sprintf.c#L1275 static int ruby_do_vsnprintf(char *str, size_t n, const char *fmt, va_list ap) { - int ret; + ssize_t ret; rb_printf_buffer f; f._flags = __SWR | __SSTR; @@ -1283,9 +1283,12 @@ ruby_do_vsnprintf(char *str, size_t n, c https://github.com/ruby/ruby/blob/trunk/sprintf.c#L1283 f._bf._size = f._w = str ? (n - 1) : 0; f.vwrite = BSD__sfvwrite; f.vextra = 0; - ret = (int)BSD_vfprintf(&f, fmt, ap); + ret = BSD_vfprintf(&f, fmt, ap); if (str) *f._p = 0; - return ret; +#if SIZEOF_SIZE_T > SIZEOF_INT + if (n > INT_MAX) return INT_MAX; +#endif + return (int)ret; } int -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/