ruby-changes:41004
From: nobu <ko1@a...>
Date: Sun, 13 Dec 2015 18:45:26 +0900 (JST)
Subject: [ruby-changes:41004] nobu:r53083 (trunk): io.c: fix stack smashing
nobu 2015-12-13 18:45:12 +0900 (Sun, 13 Dec 2015) New Revision: 53083 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=53083 Log: io.c: fix stack smashing * io.c (parse_mode_enc): fix buffer overflow. Modified files: trunk/ChangeLog trunk/io.c trunk/test/ruby/test_io_m17n.rb
Index: ChangeLog
===================================================================
--- ChangeLog (revision 53082)
+++ ChangeLog (revision 53083)
@@ -1,3 +1,7 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1
+Sun Dec 13 18:45:12 2015 Nobuyoshi Nakada <nobu@r...>
+
+ * io.c (parse_mode_enc): fix buffer overflow.
+
 Sun Dec 13 18:35:57 2015 Nobuyoshi Nakada <nobu@r...>
 * ext/fiddle/function.c (initialize): check all arguments first.
Index: io.c
===================================================================
--- io.c (revision 53082)
+++ io.c (revision 53083)
@@ -5090,9 +5090,11 @@ parse_mode_enc(const char *estr, rb_enco https://github.com/ruby/ruby/blob/trunk/io.c#L5090
 fmode |= FMODE_SETENC_BY_BOM;
 estr += 4;
 len -= 4;
- memcpy(encname, estr, len);
- encname[len] = '\0';
- estr = encname;
+ if (len > 0 && len <= ENCODING_MAXNAMELEN) {
+ memcpy(encname, estr, len);
+ encname[len] = '\0';
+ estr = encname;
+ }
 }
 idx = rb_enc_find_index(estr);
 }
Index: test/ruby/test_io_m17n.rb
===================================================================
--- test/ruby/test_io_m17n.rb (revision 53082)
+++ test/ruby/test_io_m17n.rb (revision 53083)
@@ -2082,6 +2082,19 @@ EOT https://github.com/ruby/ruby/blob/trunk/test/ruby/test_io_m17n.rb#L2082
 }
 end
+ def test_bom_too_long_utfname
+ assert_separately([], <<-'end;') # do
+ assert_warn(/Unsupported encoding/) {
+ open(IO::NULL, "r:bom|utf-" + "x" * 10000) {}
+ }
+ end;
+ assert_separately([], <<-'end;') # do
+ assert_warn(/Unsupported encoding/) {
+ open(IO::NULL, encoding: "bom|utf-" + "x" * 10000) {}
+ }
+ end;
+ end
+
 def test_cbuf
 with_tmpdir {
 fn = "tst"
-- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
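Review bot: The bound `len <= ENCODING_MAXNAMELEN` in the added guard is only safe if `encname` holds at least ENCODING_MAXNAMELEN + 1 bytes, because `encname[len] = '\0'` writes at index `len`; the declaration is outside the hunk, so this cannot be confirmed from here. If `encname` is a local array in this function, tying the check to the buffer itself, `if (len > 0 && (size_t)len < sizeof(encname)) {`, would keep the limit and the storage from drifting apart. When the guard fails, `estr` is left pointing into the caller's string and is handed to `rb_enc_find_index(estr)` unchanged, which presumably relies on that string being NUL-terminated; a comment such as `/* over-long names stay in estr and are rejected by rb_enc_find_index() */` would make that intent explicit. parse_mode_enc starts and ends outside the hunk.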
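Review bot: Both cases in test_bom_too_long_utfname use a 10000-character suffix, so they catch the gross overflow but would not notice an off-by-one in the new `len <= ENCODING_MAXNAMELEN` bound in io.c. Adding names whose length after the `bom|` prefix sits exactly at the limit and one past it, in the same form as `open(IO::NULL, "r:bom|utf-" + "x" * n) {}`, would pin the boundary, where a one-byte overwrite is most likely to hide. The two assert_separately bodies differ only in how the encoding is passed (mode string versus `encoding:` keyword), so a one-line comment naming the two entry paths being covered would help the next reader.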