[前][次][番号順一覧][スレッド一覧]

ruby-changes:21058

From: nagachika <ko1@a...>
Date: Sun, 28 Aug 2011 15:58:18 +0900 (JST)
Subject: [ruby-changes:21058] nagachika:r33107 (ruby_1_9_3): * backport r33106 from trunk.

nagachika	2011-08-28 15:58:06 +0900 (Sun, 28 Aug 2011)

  New Revision: 33107

  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=33107

  Log:
    * backport r33106 from trunk.
    
    * ext/date/date_parse.c (date_zone_to_diff): keep a temporary string
      stored in variable while the contents buffer is beeing used.
    
    * ext/date/date_parse.c (date_zone_to_diff): get rid of out of bounds
      memory read. [ruby-dev:44409] [Bug #5213]

  Modified files:
    branches/ruby_1_9_3/ChangeLog
    branches/ruby_1_9_3/ext/date/date_parse.c

Index: ruby_1_9_3/ChangeLog
===================================================================
--- ruby_1_9_3/ChangeLog	(revision 33106)
+++ ruby_1_9_3/ChangeLog	(revision 33107)
@@ -1,3 +1,13 @@
+Sun Aug 28 15:38:17 2011  CHIKANAGA Tomoyuki  <nagachika00@g...>
+
+	* backport r33106 from trunk.
+
+	* ext/date/date_parse.c (date_zone_to_diff): keep a temporary string
+	  stored in variable while the contents buffer is beeing used.
+
+	* ext/date/date_parse.c (date_zone_to_diff): get rid of out of bounds
+	  memory read. [ruby-dev:44409] [Bug #5213]
+
 Sun Aug 28 05:29:50 2011  Ryan Davis  <ryand-ruby@z...>
 
 	* backport r33102 from trunk.
Index: ruby_1_9_3/ext/date/date_parse.c
===================================================================
--- ruby_1_9_3/ext/date/date_parse.c	(revision 33106)
+++ ruby_1_9_3/ext/date/date_parse.c	(revision 33107)
@@ -392,10 +392,10 @@
 	dl = RSTRING_LEN(str) - (sizeof DST - 1);
 	ds = RSTRING_PTR(str) + dl;
 
-	if (strcmp(ss, STD) == 0) {
+	if (sl >= 0 && strcmp(ss, STD) == 0) {
 	    str = rb_str_new(RSTRING_PTR(str), sl);
 	}
-	else if (strcmp(ds, DST) == 0) {
+	else if (dl >= 0 && strcmp(ds, DST) == 0) {
 	    str = rb_str_new(RSTRING_PTR(str), dl);
 	    dst = 1;
 	}
@@ -409,7 +409,7 @@
 	    dl = RSTRING_LEN(str) - (sizeof DST - 1);
 	    ds = RSTRING_PTR(str) + dl;
 
-	    if (strcmp(ds, DST) == 0) {
+	    if (dl >= 0 && strcmp(ds, DST) == 0) {
 		str = rb_str_new(RSTRING_PTR(str), dl);
 		dst = 1;
 	    }
@@ -441,8 +441,10 @@
 	    char *s, *p;
 	    VALUE sign;
 	    VALUE hour = Qnil, min = Qnil, sec = Qnil;
+	    VALUE str_orig;
 
 	    s = RSTRING_PTR(str);
+	    str_orig = str;
 
 	    if (strncmp(s, "gmt", 3) == 0 ||
 		strncmp(s, "utc", 3) == 0)
@@ -467,6 +469,7 @@
 		    }
 		    else
 			min = rb_str_new2(s);
+		    RB_GC_GUARD(str_orig);
 		    goto num;
 		}
 		if (strpbrk(RSTRING_PTR(str), ",.")) {

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/

[前][次][番号順一覧][スレッド一覧]