ruby-changes:41114
From: ko1 <ko1@a...>
Date: Fri, 18 Dec 2015 16:52:06 +0900 (JST)
Subject: [ruby-changes:41114] ko1:r53187 (trunk): * compile.c (ibf_load_setup): check tainted string argument.
ko1 2015-12-18 16:51:58 +0900 (Fri, 18 Dec 2015) New Revision: 53187 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=53187 Log: * compile.c (ibf_load_setup): check tainted string argument. Modified files: trunk/ChangeLog trunk/compile.c Index: ChangeLog =================================================================== --- ChangeLog (revision 53186) +++ ChangeLog (revision 53187) @@ -1,3 +1,7 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1 +Fri Dec 18 16:50:35 2015 Koichi Sasada <ko1@a...> + + * compile.c (ibf_load_setup): check tainted string argument. + Fri Dec 18 16:12:13 2015 Koichi Sasada <ko1@a...> * vm_core.h: define USE_LAZY_LOAD if it is not defined. Index: compile.c =================================================================== --- compile.c (revision 53186) +++ compile.c (revision 53187) @@ -8203,6 +8203,8 @@ ibf_load_iseq(const struct ibf_load *loa https://github.com/ruby/ruby/blob/trunk/compile.c#L8203 static void ibf_load_setup(struct ibf_load *load, VALUE loader_obj, VALUE str) { + rb_check_safe_obj(str); + if (RSTRING_LENINT(str) < (int)sizeof(struct ibf_header)) { rb_raise(rb_eRuntimeError, "broken binary format"); } -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/