ruby-changes:56519
From: Yusuke <ko1@a...>
Date: Mon, 15 Jul 2019 06:45:28 +0900 (JST)
Subject: [ruby-changes:56519] Yusuke Endoh: d37da60128 (master): time.c (time_mdump): use another buffer for year_extend
https://git.ruby-lang.org/ruby.git/commit/?id=d37da60128 From d37da601289d13396b1e986b81d51b05bcfdddd5 Mon Sep 17 00:00:00 2001 From: Yusuke Endoh <mame@r...> Date: Mon, 15 Jul 2019 06:42:55 +0900 Subject: time.c (time_mdump): use another buffer for year_extend ruby_marshal_write_long may write 9 bytes, but buf has only 8 bytes. So the buffer cannot be reused. This issue was found by Coverity Scan. diff --git a/time.c b/time.c index 8d1bfd3..fe1ef78 100644 --- a/time.c +++ b/time.c @@ -5090,15 +5090,15 @@ time_mdump(VALUE time) https://github.com/ruby/ruby/blob/trunk/time.c#L5090 * binary (like as Fixnum and Bignum). */ size_t ysize = rb_absint_size(year_extend, NULL); - char *p; + char *p, buf_year_extend[9]; if (ysize > LONG_MAX || - (i = ruby_marshal_write_long((long)ysize, buf)) < 0) { + (i = ruby_marshal_write_long((long)ysize, buf_year_extend)) < 0) { rb_raise(rb_eArgError, "year too %s to marshal: %"PRIsVALUE" UTC", (year == 1900 ? "small" : "big"), vtm.year); } rb_str_resize(str, sizeof(buf) + i + ysize); p = RSTRING_PTR(str) + sizeof(buf); - memcpy(p, buf, i); + memcpy(p, buf_year_extend, i); p += i; rb_integer_pack(year_extend, p, ysize, 1, 0, INTEGER_PACK_LITTLE_ENDIAN); } -- cgit v0.10.2 -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/