[前][次][番号順一覧][スレッド一覧]

ruby-changes:19403

From: shyouhei <ko1@a...>
Date: Fri, 6 May 2011 15:30:16 +0900 (JST)
Subject: [ruby-changes:19403] Ruby:r31443 (trunk): * ext/syck/rubyext.c (mktime_do): avoid buffer overrun, by

shyouhei	2011-05-06 15:19:17 +0900 (Fri, 06 May 2011)

  New Revision: 31443

  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=31443

  Log:
    * ext/syck/rubyext.c (mktime_do): avoid buffer overrun, by
      silently ignoring lesser significant digits.  Required buffer
      length can be computable so you might at first think of
      allocating enough memory space on the fly using alloca().  That
      is a wrong idea because when using alloca there is always risk
      of integer overflow.  A function that accepts outer-process
      resources like this should not blindly trust its inputs.  In
      this particular case we just want to generate miliseconds
      resolution by strtod() so the string in question needs no more
      length than what we originally have.  Ignoring lesser
      significant digits should suffice I believe.

  Modified files:
    trunk/ChangeLog
    trunk/ext/syck/rubyext.c

Index: ChangeLog
===================================================================
--- ChangeLog	(revision 31442)
+++ ChangeLog	(revision 31443)
@@ -1,3 +1,17 @@
+Fri May  6 15:01:11 2011  URABE Shyouhei  <shyouhei@r...>
+
+	* ext/syck/rubyext.c (mktime_do): avoid buffer overrun, by
+	  silently ignoring lesser significant digits.  Required buffer
+	  length can be computable so you might at first think of
+	  allocating enough memory space on the fly using alloca().  That
+	  is a wrong idea because when using alloca there is always risk
+	  of integer overflow.  A function that accepts outer-process
+	  resources like this should not blindly trust its inputs.  In
+	  this particular case we just want to generate miliseconds
+	  resolution by strtod() so the string in question needs no more
+	  length than what we originally have.  Ignoring lesser
+	  significant digits should suffice I believe.
+
 Fri May  6 14:25:53 2011  Tinco Andringa <mail@t...>
 
 	* ext/syck/rubyext.c (mktime_do): YAML.load time correctly parse
Index: ext/syck/rubyext.c
===================================================================
--- ext/syck/rubyext.c	(revision 31442)
+++ ext/syck/rubyext.c	(revision 31443)
@@ -281,12 +281,6 @@
         while ( isdigit( *end ) ) end++;
         length = (int)(end - begin) <= padding ? (int)(end - begin) : padding;
         MEMCPY(padded, begin, char, length);
-        length = (int)(end - begin);
-        if (length > padding) {
-          length = length - padding;
-          MEMCPY(padded + offset, begin + padding, char, length);
-        }
-
         usec = strtod(padded, NULL);
     }
     else

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/

[前][次][番号順一覧][スレッド一覧]