ruby-changes:16867
From: nobu <ko1@a...>
Date: Thu, 5 Aug 2010 12:39:40 +0900 (JST)
Subject: [ruby-changes:16867] Ruby:r28863 (trunk): * string.c (str_make_independent_expand): fix buffer overflow
nobu 2010-08-05 12:39:19 +0900 (Thu, 05 Aug 2010) New Revision: 28863 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=28863 Log: * string.c (str_make_independent_expand): fix buffer overflow while shrinking. Modified files: trunk/ChangeLog trunk/string.c Index: ChangeLog =================================================================== --- ChangeLog (revision 28862) +++ ChangeLog (revision 28863) @@ -1,3 +1,8 @@ +Thu Aug 5 12:39:14 2010 Nobuyoshi Nakada <nobu@r...> + + * string.c (str_make_independent_expand): fix buffer overflow + while shrinking. + Thu Aug 5 06:42:31 2010 Tanaka Akira <akr@f...> * file.c (realpath_rec): call rb_str_modify before rb_str_set_len. Index: string.c =================================================================== --- string.c (revision 28862) +++ string.c (revision 28863) @@ -1271,8 +1271,9 @@ ptr = ALLOC_N(char, len+expand+1); if (RSTRING_PTR(str)) { - memcpy(ptr, RSTRING_PTR(str), len); + memcpy(ptr, RSTRING_PTR(str), expand < 0 ? len + expand : len); } + len += expand; STR_SET_NOEMBED(str); ptr[len] = 0; RSTRING(str)->as.heap.ptr = ptr; -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
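Review bot: the new `memcpy` length `expand < 0 ? len + expand : len` in the string.c hunk has no lower bound. If `expand` is more negative than `len`, `len + expand` is negative: it turns into a huge value when passed as the size argument of `memcpy`, and `ALLOC_N(char, len+expand+1)` is asked for a zero or negative element count. Nothing in the visible context rules this out, so I would suggest checking `len + expand >= 0` before the allocation, or computing the new length once into a local and using that single value for the allocation, the copy and the terminator. Separately, `len += expand;` also runs when `expand` is positive, so `ptr[len] = 0` now lands at the end of the enlarged buffer and the bytes between the copied data and the terminator are never written in this hunk. If `len` is later stored as the string length rather than the capacity, that needs a separate variable or at least a comment explaining why it is safe.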