ruby-changes:60757
From: Alan <ko1@a...>
Date: Mon, 13 Apr 2020 04:19:27 +0900 (JST)
Subject: [ruby-changes:60757] 82fdffc5ec (master): Avoid UB with flexible array member
https://git.ruby-lang.org/ruby.git/commit/?id=82fdffc5ec
From 82fdffc5ec0ecffc2e49128775d7c09ed43ba59d Mon Sep 17 00:00:00 2001
From: Alan Wu <XrXr@u...>
Date: Sun, 12 Apr 2020 15:19:06 -0400
Subject: Avoid UB with flexible array member
Accessing past the end of an array is technically UB. Use C99 flexible array member instead to avoid the UB and simplify allocation size calculation. See also: DCL38-C in the SEI CERT C Coding Standard
diff --git a/compile.c b/compile.c
index bd249a5..d294faa 100644
--- a/compile.c
+++ b/compile.c
@@ -3951,7 +3951,7 @@ compile_keyword_arg(rb_iseq_t *iseq, LINK_ANCHOR *const ret, https://github.com/ruby/ruby/blob/trunk/compile.c#L3951
 {
 int len = (int)node->nd_alen / 2;
 struct rb_callinfo_kwarg *kw_arg =
- rb_xmalloc_mul_add(len - 1, sizeof(VALUE), sizeof(struct rb_callinfo_kwarg));
+ rb_xmalloc_mul_add(len, sizeof(VALUE), sizeof(struct rb_callinfo_kwarg));
 VALUE *keywords = kw_arg->keywords;
 int i = 0;
 kw_arg->keyword_len = len;
@@ -10394,7 +10394,7 @@ ibf_load_ci_entries(const struct ibf_load *load, https://github.com/ruby/ruby/blob/trunk/compile.c#L10394
 struct rb_callinfo_kwarg *kwarg = NULL;
 int kwlen = (int)ibf_load_small_value(load, &reading_pos);
 if (kwlen > 0) {
- kwarg = rb_xmalloc_mul_add(kwlen - 1, sizeof(VALUE), sizeof(struct rb_callinfo_kwarg));;
+ kwarg = rb_xmalloc_mul_add(kwlen, sizeof(VALUE), sizeof(struct rb_callinfo_kwarg));
 kwarg->keyword_len = kwlen;
 for (int j=0; j<kwlen; j++) {
 VALUE keyword = ibf_load_small_value(load, &reading_pos);
diff --git a/vm_callinfo.h b/vm_callinfo.h
index 013811d..d294faa 100644
--- a/vm_callinfo.h
+++ b/vm_callinfo.h
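Review bot: The flexible-array allocation size is spelled out by hand at `rb_xmalloc_mul_add(len, sizeof(VALUE), sizeof(struct rb_callinfo_kwarg))` even though vm_callinfo.h already provides `rb_callinfo_kwarg_bytes(keyword_len)` for exactly this layout, so the struct's size formula now lives in three places that must be kept in step. I would route this site through the helper, roughly `kw_arg = ruby_xmalloc(rb_callinfo_kwarg_bytes(len));`, assuming ruby_xmalloc is the allocator compile.c uses elsewhere. The two paths may not fail identically on overflow (the header helper raises rb_eRuntimeError), so confirm that is acceptable before switching. compile_keyword_arg starts and ends outside the hunk.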
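Review bot: `kwlen` is decoded from the loaded iseq binary by `ibf_load_small_value`, so the allocation at `kwarg = rb_xmalloc_mul_add(kwlen, sizeof(VALUE), sizeof(struct rb_callinfo_kwarg));` is sized by untrusted input; `if (kwlen > 0)` rejects zero and negative counts and the mul_add helper presumably guards the multiplication, but nothing visible here bounds kwlen against the bytes left in the load buffer before the `for` loop reads kwlen more values from it. Unless ibf_load_small_value itself fails on reading past the end of the buffer, a crafted file could force an oversized allocation followed by an out-of-bounds read; a check of kwlen against the loader's remaining length, placed before the allocation, would close that. The change also silently drops a stray `;;` on the old line, which is fine but worth a word in the commit message. ibf_load_ci_entries starts and ends outside the hunk.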
@@ -33,14 +33,14 @@ enum vm_call_flag_bits { https://github.com/ruby/ruby/blob/trunk/vm_callinfo.h#L33
 struct rb_callinfo_kwarg {
 int keyword_len;
- VALUE keywords[1];
+ VALUE keywords[];
 };
 static inline size_t
 rb_callinfo_kwarg_bytes(int keyword_len)
 {
 return rb_size_mul_add_or_raise(
- keyword_len - 1,
+ keyword_len,
 sizeof(VALUE),
 sizeof(struct rb_callinfo_kwarg),
 rb_eRuntimeError);
-- cgit v0.10.2
-- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
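Review bot: With `VALUE keywords[];` a `struct rb_callinfo_kwarg` can no longer be declared as an automatic or static object, embedded by value in another struct, or used as an array element (C99 6.7.2.1), and `sizeof(struct rb_callinfo_kwarg)` now counts no keyword slot, so any caller outside this diff that still reserves `keyword_len - 1` entries (as compile.c did before this commit) now under-allocates by one VALUE and writes past its block. The commit should be accompanied by a grep for the old `- 1` arithmetic and for by-value uses of the struct, and the member deserves a comment stating the contract for future sites: `VALUE keywords[]; /* keyword_len entries; allocate with rb_callinfo_kwarg_bytes() */`. Flexible array members require C99, which I assume this tree already mandates. The closing brace of rb_callinfo_kwarg_bytes lies outside the hunk.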