ruby-changes:2191
From: ko1@a...
Date: 12 Oct 2007 23:34:51 +0900
Subject: [ruby-changes:2191] matz - Ruby:r13682 (trunk): * array.c (rb_ary_combination): fixed memory corruption due to too
matz 2007-10-12 23:34:37 +0900 (Fri, 12 Oct 2007)
New Revision: 13682
Modified files:
trunk/ChangeLog
trunk/array.c
Log:
* array.c (rb_ary_combination): fixed memory corruption due to too
small memory allocation
* array.c (rb_ary_product): accessing out of memory bounds.
condition fixed.
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/array.c?r1=13682&r2=13681
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/ChangeLog?r1=13682&r2=13681
Index: array.c
===================================================================
--- array.c (revision 13681)
+++ array.c (revision 13682)
@@ -3112,7 +3112,7 @@
}
}
else {
- volatile VALUE t0 = tmpbuf(n, sizeof(long));
+ volatile VALUE t0 = tmpbuf(n+1, sizeof(long));
long *stack = (long*)RSTRING_PTR(t0);
long nlen = combi_len(len, n);
volatile VALUE cc = rb_ary_new2(n);
@@ -3199,7 +3199,7 @@
*/
m = n-1;
counters[m]++;
- while (m >= 0 && counters[m] == RARRAY_LEN(arrays[m])) {
+ while (m > 0 && counters[m] == RARRAY_LEN(arrays[m])) {
counters[m] = 0;
m--;
counters[m]++;
Index: ChangeLog
===================================================================
--- ChangeLog (revision 13681)
+++ ChangeLog (revision 13682)
@@ -6,6 +6,14 @@
* trunk/parse.y (parser_yylex): ditto.
+Fri Oct 12 12:44:11 2007 Yukihiro Matsumoto <matz@r...>
+
+ * array.c (rb_ary_combination): fixed memory corruption due to too
+ small memory allocation
+
+ * array.c (rb_ary_product): accessing out of memory bounds.
+ condition fixed.
+
Thu Oct 11 21:10:17 2007 Yukihiro Matsumoto <matz@r...>
* include/ruby/node.h (NOEX_LOCAL): remove unused local visibility.
--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml