ruby-changes:41001
From: nobu <ko1@a...>
Date: Sun, 13 Dec 2015 18:33:53 +0900 (JST)
Subject: [ruby-changes:41001] nobu:r53080 (trunk): pack.c: check index range
nobu 2015-12-13 18:33:40 +0900 (Sun, 13 Dec 2015) New Revision: 53080 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=53080 Log: pack.c: check index range * pack.c (pack_pack): always check index range against the receiver array length, which can be shortened by elements conversion. reported by Marcin 'Icewall' Noga of Cisco Talos. Modified files: trunk/ChangeLog trunk/pack.c trunk/test/ruby/test_pack.rb Index: ChangeLog =================================================================== --- ChangeLog (revision 53079) +++ ChangeLog (revision 53080) @@ -1,3 +1,9 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1 +Sun Dec 13 18:33:41 2015 Nobuyoshi Nakada <nobu@r...> + + * pack.c (pack_pack): always check index range against the + receiver array length, which can be shortened by elements + conversion. reported by Marcin 'Icewall' Noga of Cisco Talos. + Sun Dec 13 18:28:52 2015 Nobuyoshi Nakada <nobu@r...> * ext/psych/psych_emitter.c (start_document): should not exceed Index: pack.c =================================================================== --- pack.c (revision 53079) +++ pack.c (revision 53080) @@ -361,7 +361,7 @@ pack_pack(VALUE ary, VALUE fmt) https://github.com/ruby/ruby/blob/trunk/pack.c#L361 const char *p, *pend; VALUE res, from, associates = 0; char type; - long items, len, idx, plen; + long len, idx, plen; const char *ptr; int enc_info = 1; /* 0 - BINARY, 1 - US-ASCII, 2 - UTF-8 */ #ifdef NATINT_PACK 
@@ -374,12 +374,12 @@ pack_pack(VALUE ary, VALUE fmt) https://github.com/ruby/ruby/blob/trunk/pack.c#L374 pend = p + RSTRING_LEN(fmt); res = rb_str_buf_new(0); - items = RARRAY_LEN(ary); idx = 0; #define TOO_FEW (rb_raise(rb_eArgError, toofew), 0) -#define THISFROM (items > 0 ? RARRAY_AREF(ary, idx) : TOO_FEW) -#define NEXTFROM (items-- > 0 ? RARRAY_AREF(ary, idx++) : TOO_FEW) +#define MORE_ITEM (idx < RARRAY_LEN(ary)) +#define THISFROM (MORE_ITEM ? RARRAY_AREF(ary, idx) : TOO_FEW) +#define NEXTFROM (MORE_ITEM ? RARRAY_AREF(ary, idx++) : TOO_FEW) while (p < pend) { int explicit_endian = 0; @@ -431,7 +431,7 @@ pack_pack(VALUE ary, VALUE fmt) https://github.com/ruby/ruby/blob/trunk/pack.c#L431 if (*p == '*') { /* set data length */ len = strchr("@Xxu", type) ? 0 : strchr("PMm", type) ? 1 - : items; + : RARRAY_LEN(ary) - idx; p++; } else if (ISDIGIT(*p)) { Index: test/ruby/test_pack.rb =================================================================== --- test/ruby/test_pack.rb (revision 53079) +++ test/ruby/test_pack.rb (revision 53080) @@ -794,4 +794,23 @@ EXPECTED https://github.com/ruby/ruby/blob/trunk/test/ruby/test_pack.rb#L794 } } end + + def test_pack_resize + assert_separately([], <<-'end;') + ary = [] + obj = Class.new { + define_method(:to_str) { + ary.clear() + ary = nil + GC.start + "TALOS" + } + }.new + + ary.push(obj) + ary.push(".") + + assert_raise_with_message(ArgumentError, /too few/) {ary.pack("AA")} + end; + end end -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
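Review bot: The new `MORE_ITEM` macro carries the whole fix, but nothing beside it explains why the receiver length is re-read on every fetch, so a later cleanup could reintroduce a cached count. I would add a comment above it such as `/* ary can be shortened by element conversion (e.g. to_str) during packing; never cache RARRAY_LEN(ary) across a fetch */`. If `THISFROM` and `NEXTFROM` are `#undef`'d later in the function, `MORE_ITEM` should be undefined in the same place. That part of pack_pack is outside this hunk, which starts and ends inside the function body.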
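Review bot: In the `'*'` branch, `RARRAY_LEN(ary) - idx` can go negative once a conversion has shortened the array below the current `idx`. The removed `items` counter appears never to have reached this assignment below zero. The consumers of `len` are outside this hunk, so I cannot tell whether every directive tolerates a negative count. Clamping would make it explicit: `: MORE_ITEM ? RARRAY_LEN(ary) - idx : 0;`. If the negative value is intentional, a short comment saying that later loops treat `len <= 0` as "no items" would document the assumption.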
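Review bot: `test_pack_resize` only exercises the `NEXTFROM` path, using the `"AA"` format. The `'*'` count computation that the same commit changes in pack.c has no regression coverage. A second assertion in the same `assert_separately` body, using a starred directive after the converting element, would pin that path. Its expected result depends on how pack_pack handles a count computed after the shrink, which is not visible here. A one-line comment such as `# to_str empties the receiver mid-pack; pack must re-check its length` would also tell the next reader why `to_str` mutates `ary`.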