ruby-changes:45208
From: nobu <ko1@a...>
Date: Sun, 8 Jan 2017 07:52:11 +0900 (JST)
Subject: [ruby-changes:45208] nobu:r57280 (trunk): console.c: OOB access
nobu 2017-01-08 07:52:03 +0900 (Sun, 08 Jan 2017) New Revision: 57280 https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=57280 Log: console.c: OOB access * ext/io/console/console.c (console_set_winsize): fix out-of-bounds access. [ruby-core:79004] [Bug #13112] Modified files: trunk/ext/io/console/console.c trunk/test/io/console/test_io_console.rb Index: test/io/console/test_io_console.rb =================================================================== --- test/io/console/test_io_console.rb (revision 57279) +++ test/io/console/test_io_console.rb (revision 57280) @@ -236,11 +236,41 @@ defined?(PTY) and defined?(IO.console) a https://github.com/ruby/ruby/blob/trunk/test/io/console/test_io_console.rb#L236 begin assert_equal([0, 0], s.winsize) rescue Errno::EINVAL # OpenSolaris 2009.06 TIOCGWINSZ causes Errno::EINVAL before TIOCSWINSZ. + else + assert_equal([80, 25], s.winsize = [80, 25]) + assert_equal([80, 25], s.winsize) + assert_equal([80, 25], m.winsize) + assert_equal([100, 40], m.winsize = [100, 40]) + assert_equal([100, 40], s.winsize) + assert_equal([100, 40], m.winsize) end } end + def test_set_winsize_invalid_dev + [IO::NULL, __FILE__].each do |path| + open(path) do |io| + begin + s = io.winsize + rescue SystemCallError => e + assert_raise(e.class) {io.winsize = [0, 0]} + else + assert(false, "winsize on #{path} succeed: #{s.inspect}") + end + end + end + end + if IO.console + def test_set_winsize_console + s = IO.console.winsize + assert_kind_of(Array, s) + assert_equal(2, s.size) + assert_kind_of(Integer, s[0]) + assert_kind_of(Integer, s[1]) + assert_nothing_raised(TypeError) {IO.console.winsize = s} + end + def test_close IO.console.close assert_kind_of(IO, IO.console) Index: ext/io/console/console.c =================================================================== --- ext/io/console/console.c (revision 57279) +++ ext/io/console/console.c (revision 57280) @@ -535,12 +535,14 @@ console_set_winsize(VALUE io, VALUE size https://github.com/ruby/ruby/blob/trunk/ext/io/console/console.c#L535 VALUE row, col, xpixel, ypixel; const VALUE *sz; int fd; + int sizelen; GetOpenFile(io, fptr); size = rb_Array(size); - rb_check_arity(RARRAY_LENINT(size), 2, 4); + rb_check_arity(sizelen = RARRAY_LENINT(size), 2, 4); sz = RARRAY_CONST_PTR(size); - row = sz[0], col = sz[1], xpixel = sz[2], ypixel = sz[3]; + row = sz[0], col = sz[1], xpixel = ypixel = Qnil; + if (sizelen == 4) xpixel = sz[2], ypixel = sz[3]; fd = GetWriteFD(fptr); #if defined TIOCSWINSZ ws.ws_row = ws.ws_col = ws.ws_xpixel = ws.ws_ypixel = 0; -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/