naruse	2016-03-29 16:44:18 +0900 (Tue, 29 Mar 2016)

  New Revision: 54380

  https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=54380

  Log:
    merge revision(s) 54105,54108,54136,54138: [Backport #12188]
    
    * marshal.c (r_object0): Fix Marshal crash for corrupt extended object.
    
    * marshal.c (r_object0):  raise ArgumentError when linking to undefined
      object.

  Modified directories:
    branches/ruby_2_3/
  Modified files:
    branches/ruby_2_3/ChangeLog
    branches/ruby_2_3/marshal.c
    branches/ruby_2_3/test/ruby/test_marshal.rb
    branches/ruby_2_3/version.h
Index: ruby_2_3/ChangeLog
===================================================================
--- ruby_2_3/ChangeLog	(revision 54379)
+++ ruby_2_3/ChangeLog	(revision 54380)
@@ -1,3 +1,12 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_3/ChangeLog#L1
+Tue Mar 29 16:41:27 2016  Eric Hodel  <drbrain@s...>
+
+	* marshal.c (r_object0):  raise ArgumentError when linking to undefined
+	  object.
+
+Tue Mar 29 16:41:27 2016  Eric Hodel  <drbrain@s...>
+
+	* marshal.c (r_object0): Fix Marshal crash for corrupt extended object.
+
 Tue Mar 29 16:40:48 2016  Eric Wong  <e@8...>
 
 	* ext/openssl/ossl_ssl.c (ossl_sslctx_setup): document as MT-unsafe
Index: ruby_2_3/test/ruby/test_marshal.rb
===================================================================
--- ruby_2_3/test/ruby/test_marshal.rb	(revision 54379)
+++ ruby_2_3/test/ruby/test_marshal.rb	(revision 54380)
@@ -718,4 +718,22 @@ class TestMarshal < Test::Unit::TestCase https://github.com/ruby/ruby/blob/trunk/ruby_2_3/test/ruby/test_marshal.rb#L718
     obj = [str, str]
     assert_equal(['X', 'X'], Marshal.load(Marshal.dump(obj), ->(v) { v == str ? v.upcase : v }))
   end
+
+  def test_marshal_load_extended_class_crash
+    crash = "\x04\be:\x0F\x00omparableo:\vObject\x00"
+
+    opt = %w[--disable=gems]
+    assert_ruby_status(opt, "Marshal.load(#{crash.dump})")
+  end
+
+  def test_marshal_load_r_prepare_reference_crash
+    crash = "\x04\bI/\x05\x00\x06:\x06E{\x06@\x05T"
+
+    opt = %w[--disable=gems]
+    assert_separately(opt, <<-RUBY)
+      assert_raise_with_message(ArgumentError, /bad link/) do
+        Marshal.load(#{crash.dump})
+      end
+    RUBY
+  end
 end
Index: ruby_2_3/version.h
===================================================================
--- ruby_2_3/version.h	(revision 54379)
+++ ruby_2_3/version.h	(revision 54380)
@@ -1,6 +1,6 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_3/version.h#L1
 #define RUBY_VERSION "2.3.0"
 #define RUBY_RELEASE_DATE "2016-03-29"
-#define RUBY_PATCHLEVEL 37
+#define RUBY_PATCHLEVEL 38
 
 #define RUBY_RELEASE_YEAR 2016
 #define RUBY_RELEASE_MONTH 3
Index: ruby_2_3/marshal.c
===================================================================
--- ruby_2_3/marshal.c	(revision 54379)
+++ ruby_2_3/marshal.c	(revision 54380)
@@ -1585,6 +1585,7 @@ r_object0(struct load_arg *arg, int *ivp https://github.com/ruby/ruby/blob/trunk/ruby_2_3/marshal.c#L1585
 	{
 	    VALUE path = r_unique(arg);
 	    VALUE m = rb_path_to_class(path);
+	    if (NIL_P(extmod)) extmod = rb_ary_tmp_new(0);
 
 	    if (RB_TYPE_P(m, T_CLASS)) { /* prepended */
 		VALUE c;
@@ -1604,7 +1605,6 @@ r_object0(struct load_arg *arg, int *ivp https://github.com/ruby/ruby/blob/trunk/ruby_2_3/marshal.c#L1605
 	    }
 	    else {
 		must_be_module(m, path);
-		if (NIL_P(extmod)) extmod = rb_ary_tmp_new(0);
 		rb_ary_push(extmod, m);
 
 		v = r_object0(arg, 0, extmod);
@@ -1965,6 +1965,11 @@ r_object0(struct load_arg *arg, int *ivp https://github.com/ruby/ruby/blob/trunk/ruby_2_3/marshal.c#L1965
 	rb_raise(rb_eArgError, "dump format error(0x%x)", type);
 	break;
     }
+
+    if (v == Qundef) {
+	rb_raise(rb_eArgError, "dump format error (bad link)");
+    }
+
     return v;
 }
 

Property changes on: ruby_2_3
___________________________________________________________________
Modified: svn:mergeinfo
   Merged /trunk:r54105,54108,54136,54138


--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/