ruby-changes:1880

shyouhei	2007-09-07 14:37:05 +0900 (Fri, 07 Sep 2007)

  New Revision: 13371

  Modified files:
    branches/ruby_1_8_5/ChangeLog
    branches/ruby_1_8_5/string.c
    branches/ruby_1_8_5/version.h

  Log:
    * string.c (rb_str_splice): integer overflow for length.
      [ruby-dev:31739]


  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/branches/ruby_1_8_5/string.c?r1=13371&r2=13370
  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/branches/ruby_1_8_5/version.h?r1=13371&r2=13370
  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/branches/ruby_1_8_5/ChangeLog?r1=13371&r2=13370

Index: ruby_1_8_5/ChangeLog
===================================================================
--- ruby_1_8_5/ChangeLog	(revision 13370)
+++ ruby_1_8_5/ChangeLog	(revision 13371)
@@ -1,3 +1,8 @@
+Fri Sep  7 14:32:38 2007  Yukihiro Matsumoto  <matz@r...>
+
+	* string.c (rb_str_splice): integer overflow for length.
+	  [ruby-dev:31739]
+
 Fri Sep  7 14:27:33 2007  Yukihiro Matsumoto  <matz@r...>
 
 	* eval.c (mnew): should preserve noex as safe_level.
Index: ruby_1_8_5/version.h
===================================================================
--- ruby_1_8_5/version.h	(revision 13370)
+++ ruby_1_8_5/version.h	(revision 13371)
@@ -2,7 +2,7 @@
 #define RUBY_RELEASE_DATE "2007-09-07"
 #define RUBY_VERSION_CODE 185
 #define RUBY_RELEASE_CODE 20070907
-#define RUBY_PATCHLEVEL 105
+#define RUBY_PATCHLEVEL 106
 
 #define RUBY_VERSION_MAJOR 1
 #define RUBY_VERSION_MINOR 8
Index: ruby_1_8_5/string.c
===================================================================
--- ruby_1_8_5/string.c	(revision 13370)
+++ ruby_1_8_5/string.c	(revision 13371)
@@ -1644,7 +1644,7 @@
 	}
 	beg += RSTRING(str)->len;
     }
-    if (RSTRING(str)->len < beg + len) {
+    if (RSTRING(str)->len < len || RSTRING(str)->len < beg + len) {
 	len = RSTRING(str)->len - beg;
     }
 

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml