ruby-changes:4551
From: ko1@a...
Date: Tue, 15 Apr 2008 23:42:57 +0900 (JST)
Subject: [ruby-changes:4551] knu - Ruby:r16044 (ruby_1_8): * ext/syck/rubyext.c (rb_syck_mktime): Avoid buffer overflow.
knu 2008-04-15 23:42:44 +0900 (Tue, 15 Apr 2008)
New Revision: 16044
Modified files:
branches/ruby_1_8/ChangeLog
branches/ruby_1_8/ext/syck/rubyext.c
Log:
* ext/syck/rubyext.c (rb_syck_mktime): Avoid buffer overflow.
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/branches/ruby_1_8/ChangeLog?r1=16044&r2=16043&diff_format=u
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/branches/ruby_1_8/ext/syck/rubyext.c?r1=16044&r2=16043&diff_format=u
Index: ruby_1_8/ext/syck/rubyext.c
===================================================================
--- ruby_1_8/ext/syck/rubyext.c (revision 16043)
+++ ruby_1_8/ext/syck/rubyext.c (revision 16044)
@@ -268,9 +268,13 @@
{
char padded[] = "000000";
char *end = ptr + 1;
+ char *p = end;
while ( isdigit( *end ) ) end++;
- MEMCPY(padded, ptr + 1, char, end - (ptr + 1));
- usec = strtol(padded, NULL, 10);
+ if (end - p < sizeof(padded)) {
+ MEMCPY(padded, ptr + 1, char, end - (ptr + 1));
+ p = padded;
+ }
+ usec = strtol(p, NULL, 10);
}
else
{
Index: ruby_1_8/ChangeLog
===================================================================
--- ruby_1_8/ChangeLog (revision 16043)
+++ ruby_1_8/ChangeLog (revision 16044)
@@ -1,3 +1,7 @@
+Tue Apr 15 23:40:39 2008 Akinori MUSHA <knu@i...>
+
+ * ext/syck/rubyext.c (rb_syck_mktime): Avoid buffer overflow.
+
Tue Apr 15 20:32:03 2008 Tanaka Akira <akr@f...>
* re.c (match_inspect): backported from 1.9.
--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/