ruby-changes:43359
From: nobu <ko1@a...>
Date: Sat, 18 Jun 2016 08:52:54 +0900 (JST)
Subject: [ruby-changes:43359] nobu:r55432 (trunk): stringio.c: fix index overflow
nobu 2016-06-18 08:52:48 +0900 (Sat, 18 Jun 2016) New Revision: 55432 https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=55432 Log: stringio.c: fix index overflow * ext/stringio/stringio.c (strio_getline): fix pointer index overflow. reported by Guido Vranken <guido AT guidovranken.nl>. Modified files: trunk/ChangeLog trunk/ext/stringio/stringio.c trunk/test/stringio/test_stringio.rb Index: test/stringio/test_stringio.rb =================================================================== --- test/stringio/test_stringio.rb (revision 55431) +++ test/stringio/test_stringio.rb (revision 55432) @@ -680,4 +680,16 @@ class TestStringIO < Test::Unit::TestCas https://github.com/ruby/ruby/blob/trunk/test/stringio/test_stringio.rb#L680 StringIO.new {} end end + + def test_overflow + limit = (1 << (RbConfig::SIZEOF["size_t"]*8-1)) - 0x10 + assert_separately(%w[-rstringio], "#{<<-"begin;"}\n#{<<-"end;"}") + begin; + limit = #{limit} + x = ("a"*0x100000) + s = StringIO.new(x) + s.gets("xxx", limit) + assert_equal(0x100000, s.pos) + end; + end end Index: ChangeLog =================================================================== --- ChangeLog (revision 55431) +++ ChangeLog (revision 55432) @@ -1,3 +1,8 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1 +Sat Jun 18 08:52:46 2016 Nobuyoshi Nakada <nobu@r...> + + * ext/stringio/stringio.c (strio_getline): fix pointer index + overflow. reported by Guido Vranken <guido AT guidovranken.nl>. + Thu Jun 16 16:35:35 2016 Nobuyoshi Nakada <nobu@r...> * class.c (Init_class_hierarchy): prevent rb_cObject which is the Index: ext/stringio/stringio.c =================================================================== --- ext/stringio/stringio.c (revision 55431) +++ ext/stringio/stringio.c (revision 55432) 
@@ -1021,7 +1021,7 @@ strio_getline(int argc, VALUE *argv, str https://github.com/ruby/ruby/blob/trunk/ext/stringio/stringio.c#L1021 s = RSTRING_PTR(ptr->string); e = s + RSTRING_LEN(ptr->string); s += ptr->pos; - if (limit > 0 && s + limit < e) { + if (limit > 0 && (size_t)limit < (size_t)(e - s)) { e = rb_enc_right_char_head(s, s + limit, e, get_enc(ptr)); } if (NIL_P(str)) { -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
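Review bot: In test_overflow (test/stringio/test_stringio.rb), limit is sized from RbConfig::SIZEOF["size_t"], but the stringio.c hunk has to cast limit to size_t, so limit is a separate signed type in the C code. On a platform where that type is narrower than size_t, the value may not be representable and the test would fail before it reaches the fixed comparison. Consider deriving the value from the size of limit's actual type. The test also asserts only s.pos; checking that s.gets("xxx", limit) returns the full 0x100000-byte string would cover the data read as well as the position.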
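Review bot: In the strio_getline hunk (ext/stringio/stringio.c), the new condition `(size_t)limit < (size_t)(e - s)` is only correct when e >= s, that is, when ptr->pos does not exceed RSTRING_LEN(ptr->string). If pos were past the end of the string, e - s would be negative, the cast would turn it into a very large value, and the branch would call rb_enc_right_char_head with s beyond e. The visible context does not show a guard for that, so please confirm an earlier check covers it, or keep the remaining length in a signed variable and test it for > 0 before comparing. A short comment noting that lengths are compared instead of pointers because s + limit can wrap would keep the condition from being simplified back to the old form.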