[前][次][番号順一覧][スレッド一覧]

ruby-changes:47598

From: rhe <ko1@a...>
Date: Fri, 1 Sep 2017 17:16:43 +0900 (JST)
Subject: [ruby-changes:47598] rhe:r59714 (trunk): object.c: fix potential oob write in rb_str_to_dbl()

rhe	2017-09-01 17:16:38 +0900 (Fri, 01 Sep 2017)

  New Revision: 59714

  https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=59714

  Log:
    object.c: fix potential oob write in rb_str_to_dbl()
    
    Ensure space for the terminating NUL byte. Note that this code path is
    reachable only when Ruby is compiled with SHARABLE_MIDDLE_SUBSTRING=1.

  Modified files:
    trunk/object.c
Index: object.c
===================================================================
--- object.c	(revision 59713)
+++ object.c	(revision 59714)
@@ -3302,7 +3302,7 @@ rb_str_to_dbl(VALUE str, int badcheck) https://github.com/ruby/ruby/blob/trunk/object.c#L3302
 	    rb_raise(rb_eArgError, "string for Float contains null byte");
 	}
 	if (s[len]) {		/* no sentinel somehow */
-	    char *p =  ALLOCV(v, len);
+	    char *p = ALLOCV(v, (size_t)len + 1);
 	    MEMCPY(p, s, char, len);
 	    p[len] = '\0';
 	    s = p;

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/

[前][次][番号順一覧][スレッド一覧]