ruby-changes:38590
From: nobu <ko1@a...>
Date: Fri, 29 May 2015 14:39:36 +0900 (JST)
Subject: [ruby-changes:38590] nobu:r50671 (trunk): parse.y: check NTH_REF range
nobu 2015-05-29 14:39:03 +0900 (Fri, 29 May 2015) New Revision: 50671 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=50671 Log: parse.y: check NTH_REF range * compile.c (iseq_compile_each): out of range NTH_REF is always nil. * parse.y (parse_numvar): check overflow of NTH_REF and range. [ruby-core:69393] [Bug #11192] * util.c (ruby_scan_digits): make public and add length parameter. Modified files: trunk/ChangeLog trunk/compile.c trunk/internal.h trunk/parse.y trunk/test/ruby/test_syntax.rb trunk/util.c Index: ChangeLog =================================================================== --- ChangeLog (revision 50670) +++ ChangeLog (revision 50671) @@ -1,3 +1,13 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1 +Fri May 29 14:39:00 2015 Nobuyoshi Nakada <nobu@r...> + + * compile.c (iseq_compile_each): out of range NTH_REF is always + nil. + + * parse.y (parse_numvar): check overflow of NTH_REF and range. + [ruby-core:69393] [Bug #11192] + + * util.c (ruby_scan_digits): make public and add length parameter. + Fri May 29 11:18:58 2015 Eric Wong <e@8...> * ext/socket/ancdata.c (bsock_sendmsg_internal, Index: compile.c =================================================================== --- compile.c (revision 50670) +++ compile.c (revision 50671) @@ -4920,6 +4920,10 @@ iseq_compile_each(rb_iseq_t *iseq, LINK_ https://github.com/ruby/ruby/blob/trunk/compile.c#L4920 } case NODE_NTH_REF:{ if (!poped) { + if (!node->nd_nth) { + ADD_INSN(ret, line, putnil); + break; + } ADD_INSN2(ret, line, getspecial, INT2FIX(1) /* '~' */, INT2FIX(node->nd_nth << 1)); } Index: parse.y =================================================================== --- parse.y (revision 50670) +++ parse.y (revision 50671) @@ -694,9 +694,7 @@ new_args_tail_gen(struct parser_params * https://github.com/ruby/ruby/blob/trunk/parse.y#L694 # define rb_warningV(fmt,a) ripper_warningV(parser, (fmt), (a)) static void ripper_warn0(struct parser_params*, const char*); static void ripper_warnI(struct parser_params*, const char*, int); -#if 0 /* not in use right now */ static void ripper_warnS(struct parser_params*, const char*, const char*); -#endif static void ripper_warnV(struct parser_params*, const char*, VALUE); static void ripper_warning0(struct parser_params*, const char*); static void ripper_warningS(struct parser_params*, const char*, const char*); @@ -7593,6 +7591,27 @@ tokenize_ident(struct parser_params *par https://github.com/ruby/ruby/blob/trunk/parse.y#L7591 } static int +parse_numvar(struct parser_params *parser) +{ + size_t len; + int overflow; + unsigned long n = ruby_scan_digits(tok()+1, toklen()-1, 10, &len, &overflow); + const unsigned long nth_ref_max = + (FIXNUM_MAX / 2 < INT_MAX) ? FIXNUM_MAX / 2 : INT_MAX; + /* NTH_REF is left-shifted to be ORed with back-ref flag and + * turned into a Fixnum, in compile.c */ + + if (overflow || n > nth_ref_max) { + /* compile_error()? */ + rb_warnS("`%s' is too big for a number variable, always nil", tok()); + return 0; /* $0 is $PROGRAM_NAME, not NTH_REF */ + } + else { + return (int)n; + } +} + +static int parse_gvar(struct parser_params *parser, const enum lex_state_e last_state) { register int c; @@ -7670,7 +7689,7 @@ parse_gvar(struct parser_params *parser, https://github.com/ruby/ruby/blob/trunk/parse.y#L7689 pushback(c); if (IS_lex_state_for(last_state, EXPR_FNAME)) goto gvar; tokfix(); - set_yylval_node(NEW_NTH_REF(atoi(tok()+1))); + set_yylval_node(NEW_NTH_REF(parse_numvar(parser))); return tNTH_REF; default: @@ -11070,14 +11089,12 @@ ripper_warnI(struct parser_params *parse https://github.com/ruby/ruby/blob/trunk/parse.y#L11089 STR_NEW2(fmt), INT2NUM(a)); } -#if 0 /* not in use right now */ static void ripper_warnS(struct parser_params *parser, const char *fmt, const char *str) { rb_funcall(parser->value, id_warn, 2, STR_NEW2(fmt), STR_NEW2(str)); } -#endif static void ripper_warnV(struct parser_params *parser, const char *fmt, VALUE v) Index: util.c =================================================================== --- util.c (revision 50670) +++ util.c (revision 50671) @@ -76,21 +76,25 @@ const signed char ruby_digit36_to_number https://github.com/ruby/ruby/blob/trunk/util.c#L76 /*f*/ -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1, }; -static unsigned long -scan_digits(const char *str, int base, size_t *retlen, int *overflow) +unsigned long +ruby_scan_digits(const char *str, ssize_t len, int base, size_t *retlen, int *overflow) { const char *start = str; unsigned long ret = 0, x; unsigned long mul_overflow = (~(unsigned long)0) / base; - int c; + *overflow = 0; - while ((c = (unsigned char)*str++) != '\0') { - int d = ruby_digit36_to_number_table[c]; + if (!len) { + *retlen = 0; + return 0; + } + + do { + int d = ruby_digit36_to_number_table[(unsigned char)*str++]; if (d == -1 || base <= d) { - *retlen = (str-1) - start; - return ret; + break; } if (mul_overflow < ret) *overflow = 1; @@ -99,7 +103,7 @@ scan_digits(const char *str, int base, s https://github.com/ruby/ruby/blob/trunk/util.c#L103 ret += d; if (ret < x) *overflow = 1; - } + } while (len < 0 || --len); *retlen = (str-1) - start; return ret; } @@ -151,7 +155,7 @@ ruby_strtoul(const char *str, char **end https://github.com/ruby/ruby/blob/trunk/util.c#L155 b = base == 0 ? 10 : base; } - ret = scan_digits(str, b, &len, &overflow); + ret = ruby_scan_digits(str, -1, b, &len, &overflow); if (0 < len) subject_found = str+len; Index: internal.h =================================================================== --- internal.h (revision 50670) +++ internal.h (revision 50671) @@ -1272,6 +1272,7 @@ VALUE rb_setup_fake_str(struct RString * https://github.com/ruby/ruby/blob/trunk/internal.h#L1272 /* util.c (export) */ extern const signed char ruby_digit36_to_number_table[]; extern const char ruby_hexdigits[]; +extern unsigned long ruby_scan_digits(const char *str, ssize_t len, int base, size_t *retlen, int *overflow); /* variable.c (export) */ void rb_gc_mark_global_tbl(void); Index: test/ruby/test_syntax.rb =================================================================== --- test/ruby/test_syntax.rb (revision 50670) +++ test/ruby/test_syntax.rb (revision 50671) @@ -579,6 +579,13 @@ eom https://github.com/ruby/ruby/blob/trunk/test/ruby/test_syntax.rb#L579 assert_syntax_error('0...%w.', /unterminated string/, bug10957) end + def test_too_big_nth_ref + bug11192 = '[ruby-core:69393] [Bug #11192]' + assert_warn(/too big/, bug11192) do + eval('$99999999999999999') + end + end + private def not_label(x) @result = x; @not_label ||= nil end -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/