ruby-changes:4551
From: ko1@a...
Date: Tue, 15 Apr 2008 23:42:57 +0900 (JST)
Subject: [ruby-changes:4551] knu - Ruby:r16044 (ruby_1_8): * ext/syck/rubyext.c (rb_syck_mktime): Avoid buffer overflow.
knu 2008-04-15 23:42:44 +0900 (Tue, 15 Apr 2008) New Revision: 16044 Modified files: branches/ruby_1_8/ChangeLog branches/ruby_1_8/ext/syck/rubyext.c Log: * ext/syck/rubyext.c (rb_syck_mktime): Avoid buffer overflow. http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/branches/ruby_1_8/ChangeLog?r1=16044&r2=16043&diff_format=u http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/branches/ruby_1_8/ext/syck/rubyext.c?r1=16044&r2=16043&diff_format=u Index: ruby_1_8/ext/syck/rubyext.c =================================================================== --- ruby_1_8/ext/syck/rubyext.c (revision 16043) +++ ruby_1_8/ext/syck/rubyext.c (revision 16044) @@ -268,9 +268,13 @@ { char padded[] = "000000"; char *end = ptr + 1; + char *p = end; while ( isdigit( *end ) ) end++; - MEMCPY(padded, ptr + 1, char, end - (ptr + 1)); - usec = strtol(padded, NULL, 10); + if (end - p < sizeof(padded)) { + MEMCPY(padded, ptr + 1, char, end - (ptr + 1)); + p = padded; + } + usec = strtol(p, NULL, 10); } else { Index: ruby_1_8/ChangeLog =================================================================== --- ruby_1_8/ChangeLog (revision 16043) +++ ruby_1_8/ChangeLog (revision 16044) @@ -1,3 +1,7 @@ +Tue Apr 15 23:40:39 2008 Akinori MUSHA <knu@i...> + + * ext/syck/rubyext.c (rb_syck_mktime): Avoid buffer overflow. + Tue Apr 15 20:32:03 2008 Tanaka Akira <akr@f...> * re.c (match_inspect): backported from 1.9. -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/