ruby-changes:34723
From: nagachika <ko1@a...>
Date: Sun, 13 Jul 2014 22:59:24 +0900 (JST)
Subject: [ruby-changes:34723] nagachika:r46806 (ruby_2_1): merge revision(s) r46778: [Backport #10019]
nagachika 2014-07-13 22:59:09 +0900 (Sun, 13 Jul 2014) New Revision: 46806 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=46806 Log: merge revision(s) r46778: [Backport #10019] * pack.c (encodes): fix buffer overrun by tail_lf. Thanks to Mamoru Tasaka and Tomas Hoger. [ruby-core:63604] [Bug #10019] Modified directories: branches/ruby_2_1/ Modified files: branches/ruby_2_1/ChangeLog branches/ruby_2_1/pack.c branches/ruby_2_1/test/ruby/test_pack.rb branches/ruby_2_1/version.h Index: ruby_2_1/ChangeLog =================================================================== --- ruby_2_1/ChangeLog (revision 46805) +++ ruby_2_1/ChangeLog (revision 46806) @@ -1,3 +1,8 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_1/ChangeLog#L1 +Sun Jul 13 22:52:43 2014 Nobuyoshi Nakada <nobu@r...> + + * pack.c (encodes): fix buffer overrun by tail_lf. Thanks to + Mamoru Tasaka and Tomas Hoger. [ruby-core:63604] [Bug #10019] + Sun Jul 13 22:44:05 2014 Nobuyoshi Nakada <nobu@r...> * ext/thread/thread.c (undumpable): ConditionVariable and Queue Index: ruby_2_1/pack.c =================================================================== --- ruby_2_1/pack.c (revision 46805) +++ ruby_2_1/pack.c (revision 46806) @@ -946,7 +946,8 @@ static const char b64_table[] = https://github.com/ruby/ruby/blob/trunk/ruby_2_1/pack.c#L946 static void encodes(VALUE str, const char *s, long len, int type, int tail_lf) { - char buff[4096]; + enum {buff_size = 4096, encoded_unit = 4}; + char buff[buff_size + 1]; /* +1 for tail_lf */ long i = 0; const char *trans = type == 'u' ? uu_table : b64_table; char padding; @@ -959,7 +960,7 @@ encodes(VALUE str, const char *s, long l https://github.com/ruby/ruby/blob/trunk/ruby_2_1/pack.c#L960 padding = '='; } while (len >= 3) { - while (len >= 3 && sizeof(buff)-i >= 4) { + while (len >= 3 && buff_size-i >= encoded_unit) { buff[i++] = trans[077 & (*s >> 2)]; buff[i++] = trans[077 & (((*s << 4) & 060) | ((s[1] >> 4) & 017))]; buff[i++] = trans[077 & (((s[1] << 2) & 074) | ((s[2] >> 6) & 03))]; @@ -967,7 +968,7 @@ encodes(VALUE str, const char *s, long l https://github.com/ruby/ruby/blob/trunk/ruby_2_1/pack.c#L968 s += 3; len -= 3; } - if (sizeof(buff)-i < 4) { + if (buff_size-i < encoded_unit) { rb_str_buf_cat(str, buff, i); i = 0; } @@ -987,6 +988,7 @@ encodes(VALUE str, const char *s, long l https://github.com/ruby/ruby/blob/trunk/ruby_2_1/pack.c#L988 } if (tail_lf) buff[i++] = '\n'; rb_str_buf_cat(str, buff, i); + if ((size_t)i > sizeof(buff)) rb_bug("encodes() buffer overrun"); } static const char hex_table[] = "0123456789ABCDEF"; Index: ruby_2_1/version.h =================================================================== --- ruby_2_1/version.h (revision 46805) +++ ruby_2_1/version.h (revision 46806) @@ -1,6 +1,6 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_1/version.h#L1 #define RUBY_VERSION "2.1.2" #define RUBY_RELEASE_DATE "2014-07-13" -#define RUBY_PATCHLEVEL 170 +#define RUBY_PATCHLEVEL 171 #define RUBY_RELEASE_YEAR 2014 #define RUBY_RELEASE_MONTH 7 Index: ruby_2_1/test/ruby/test_pack.rb =================================================================== --- ruby_2_1/test/ruby/test_pack.rb (revision 46805) +++ ruby_2_1/test/ruby/test_pack.rb (revision 46806) @@ -550,6 +550,14 @@ EXPECTED https://github.com/ruby/ruby/blob/trunk/ruby_2_1/test/ruby/test_pack.rb#L550 assert_equal(["\0"], "AA\n".unpack("m")) assert_equal(["\0"], "AA=\n".unpack("m")) assert_equal(["\0\0"], "AAA\n".unpack("m")) + + bug10019 = '[ruby-core:63604] [Bug #10019]' + size = ((4096-4)/4*3+1) + assert_separately(%W[- #{size} #{bug10019}], <<-'end;') + size = ARGV.shift.to_i + bug = ARGV.shift + assert_equal(size, ["a"*size].pack("m#{size+2}").unpack("m")[0].size, bug) + end; end def test_pack_unpack_m0 Property changes on: ruby_2_1 ___________________________________________________________________ Modified: svn:mergeinfo Merged /trunk:r46778 -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/