ruby-changes:19403
From: shyouhei <ko1@a...>
Date: Fri, 6 May 2011 15:30:16 +0900 (JST)
Subject: [ruby-changes:19403] Ruby:r31443 (trunk): * ext/syck/rubyext.c (mktime_do): avoid buffer overrun, by
shyouhei 2011-05-06 15:19:17 +0900 (Fri, 06 May 2011) New Revision: 31443 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=31443 Log: * ext/syck/rubyext.c (mktime_do): avoid buffer overrun, by silently ignoring lesser significant digits. Required buffer length can be computable so you might at first think of allocating enough memory space on the fly using alloca(). That is a wrong idea because when using alloca there is always risk of integer overflow. A function that accepts outer-process resources like this should not blindly trust its inputs. In this particular case we just want to generate miliseconds resolution by strtod() so the string in question needs no more length than what we originally have. Ignoring lesser significant digits should suffice I believe. Modified files: trunk/ChangeLog trunk/ext/syck/rubyext.c Index: ChangeLog =================================================================== --- ChangeLog (revision 31442) +++ ChangeLog (revision 31443) 
@@ -1,3 +1,17 @@ +Fri May 6 15:01:11 2011 URABE Shyouhei <shyouhei@r...> + + * ext/syck/rubyext.c (mktime_do): avoid buffer overrun, by + silently ignoring lesser significant digits. Required buffer + length can be computable so you might at first think of + allocating enough memory space on the fly using alloca(). That + is a wrong idea because when using alloca there is always risk + of integer overflow. A function that accepts outer-process + resources like this should not blindly trust its inputs. In + this particular case we just want to generate miliseconds + resolution by strtod() so the string in question needs no more + length than what we originally have. Ignoring lesser + significant digits should suffice I believe. + Fri May 6 14:25:53 2011 Tinco Andringa <mail@t...> * ext/syck/rubyext.c (mktime_do): YAML.load time correctly parse Index: ext/syck/rubyext.c =================================================================== --- ext/syck/rubyext.c (revision 31442) +++ ext/syck/rubyext.c (revision 31443) @@ -281,12 +281,6 @@ while ( isdigit( *end ) ) end++; length = (int)(end - begin) <= padding ? (int)(end - begin) : padding; MEMCPY(padded, begin, char, length); - length = (int)(end - begin); - if (length > padding) { - length = length - padding; - MEMCPY(padded + offset, begin + padding, char, length); - } - usec = strtod(padded, NULL); } else -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
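Review bot: in the ChangeLog hunk, "miliseconds" should read "milliseconds". The entry would also be easier to audit later if it named the buffer involved (`padded`) and said outright that fractional digits beyond `padding` are now dropped instead of being copied to `padded + offset`.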
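Review bot: in the ext/syck/rubyext.c hunk, the clamp that is kept, `length = (int)(end - begin) <= padding ? (int)(end - begin) : padding;`, narrows the pointer difference to int before comparing it with `padding`. If `length` is an int, as the cast suggests, a digit run longer than INT_MAX could wrap to a negative value, pass the `<=` test and reach MEMCPY as a negative length. Since the log message is about not trusting input-derived lengths, compare `end - begin` with `padding` at its native ptrdiff_t width and narrow only the clamped result. Two smaller points on the same lines: `isdigit( *end )` should get its argument cast to unsigned char if `end` points to plain char, and a one-line comment above the MEMCPY stating that digits past `padding` are ignored on purpose would keep the rationale next to the code rather than only in ChangeLog.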