[前][次][番号順一覧][スレッド一覧]

ruby-changes:29588

From: akr <ko1@a...>
Date: Wed, 26 Jun 2013 12:49:56 +0900 (JST)
Subject: [ruby-changes:29588] akr:r41640 (trunk): * bignum.c (bigxor_int): Fix a buffer over read.

akr	2013-06-26 12:49:45 +0900 (Wed, 26 Jun 2013)

  New Revision: 41640

  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=41640

  Log:
    * bignum.c (bigxor_int): Fix a buffer over read.

  Modified files:
    trunk/ChangeLog
    trunk/bignum.c

Index: ChangeLog
===================================================================
--- ChangeLog	(revision 41639)
+++ ChangeLog	(revision 41640)
@@ -1,3 +1,7 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1
+Wed Jun 26 12:48:22 2013  Tanaka Akira  <akr@f...>
+
+	* bignum.c (bigxor_int): Fix a buffer over read.
+
 Wed Jun 26 12:13:12 2013  Tanaka Akira  <akr@f...>
 
 	* bignum.c (bigand_int): Consider negative values.
Index: bignum.c
===================================================================
--- bignum.c	(revision 41639)
+++ bignum.c	(revision 41640)
@@ -4873,6 +4873,10 @@ bigxor_int(VALUE x, long y) https://github.com/ruby/ruby/blob/trunk/bignum.c#L4873
     sign = (y >= 0) ? 1 : 0;
     xds = BDIGITS(x);
     zn = xn = RBIGNUM_LEN(x);
+#if SIZEOF_BDIGITS < SIZEOF_LONG
+    if (zn < bdigit_roomof(SIZEOF_LONG))
+        zn = bdigit_roomof(SIZEOF_LONG);
+#endif
     z = bignew(zn, !(RBIGNUM_SIGN(x) ^ sign));
     zds = BDIGITS(z);
 
@@ -4880,19 +4884,22 @@ bigxor_int(VALUE x, long y) https://github.com/ruby/ruby/blob/trunk/bignum.c#L4884
     i = 1;
     zds[0] = xds[0] ^ y;
 #else
-    {
-	long num = y;
-
-	for (i=0; i<bdigit_roomof(SIZEOF_LONG); i++) {
-	    zds[i] = xds[i] ^ BIGLO(num);
-	    num = BIGDN(num);
-	}
+    for (i = 0; i < xn; i++) {
+        zds[i] = xds[i] ^ BIGLO(y);
+        y = BIGDN(y);
+    }
+    for (; i < zn; i++) {
+        zds[i] = (RBIGNUM_SIGN(x) ? 0 : BDIGMAX) ^ BIGLO(y);
+        y = BIGDN(y);
     }
 #endif
-    while (i < xn) {
-	zds[i] = sign?xds[i]:BIGLO(~xds[i]);
-	i++;
+    for (; i < xn; i++) {
+        zds[i] = sign ? xds[i] : BIGLO(~xds[i]);
     }
+    for (; i < zn; i++) {
+        zds[i] = sign ^ RBIGNUM_SIGN(x) ? BDIGMAX : 0;
+    }
+
     if (!RBIGNUM_SIGN(z)) get2comp(z);
     return bignorm(z);
 }

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/

[前][次][番号順一覧][スレッド一覧]