ruby-changes:28848
From: nobu <ko1@a...>
Date: Thu, 23 May 2013 17:35:48 +0900 (JST)
Subject: [ruby-changes:28848] nobu:r40900 (trunk): load.c: fix invalid read
nobu 2013-05-23 17:35:34 +0900 (Thu, 23 May 2013) New Revision: 40900 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=40900 Log: load.c: fix invalid read * load.c (loaded_feature_path): fix invalid read by index underflow. the beginning of name is also a boundary as well as just after '/'. Modified files: trunk/ChangeLog trunk/load.c Index: ChangeLog =================================================================== --- ChangeLog (revision 40899) +++ ChangeLog (revision 40900) @@ -1,3 +1,8 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1 +Thu May 23 17:35:30 2013 Nobuyoshi Nakada <nobu@r...> + + * load.c (loaded_feature_path): fix invalid read by index underflow. + the beginning of name is also a boundary as well as just after '/'. + Thu May 23 17:21:22 2013 Nobuyoshi Nakada <nobu@r...> * gc.c (gc_profile_dump_on): revert r40898. ok to show the record Index: load.c =================================================================== --- load.c (revision 40899) +++ load.c (revision 40900) @@ -315,7 +315,7 @@ loaded_feature_path(const char *name, lo https://github.com/ruby/ruby/blob/trunk/load.c#L315 if (vlen < len+1) return 0; if (!strncmp(name+(vlen-len), feature, len)) { - plen = vlen - len - 1; + plen = vlen - len; } else { for (e = name + vlen; name != e && *e != '.' && *e != '/'; --e); @@ -323,19 +323,20 @@ loaded_feature_path(const char *name, lo https://github.com/ruby/ruby/blob/trunk/load.c#L323 e-name < len || strncmp(e-len, feature, len)) return 0; - plen = e - name - len - 1; + plen = e - name - len; } - if (name[plen] != '/') { + if (plen > 0 && name[plen-1] != '/') { return 0; } - if (type == 's' ? !IS_DLEXT(&name[plen+len+1]) : - type == 'r' ? !IS_RBEXT(&name[plen+len+1]) : + if (type == 's' ? !IS_DLEXT(&name[plen+len]) : + type == 'r' ? !IS_RBEXT(&name[plen+len]) : 0) { return 0; } /* Now name == "#{prefix}/#{feature}#{ext}" where ext is acceptable (possibly empty) and prefix is some string of length plen. */ + if (plen > 0) --plen; /* exclude '.' */ for (i = 0; i < RARRAY_LEN(load_path); ++i) { VALUE p = RARRAY_AREF(load_path, i); const char *s = StringValuePtr(p); -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/