1berry/ruby
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

pack.c: check index range

Browse Source 
* pack.c (pack_pack): always check index range against the
  receiver array length, which can be shortened by elements
  conversion.  reported by Marcin 'Icewall' Noga of Cisco Talos.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53080 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
nobu 2015-12-13 09:33:40 +00:00
parent db48c30794
commit d10d5a974d
3 changed files with 30 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ChangeLog
View File

@ -1,3 +1,9 @@
Sun Dec 13 18:33:41 2015 Nobuyoshi Nakada <nobu@ruby-lang.org>
* pack.c (pack_pack): always check index range against the
receiver array length, which can be shortened by elements
conversion. reported by Marcin 'Icewall' Noga of Cisco Talos.
Sun Dec 13 18:28:52 2015 Nobuyoshi Nakada <nobu@ruby-lang.org> Sun Dec 13 18:28:52 2015 Nobuyoshi Nakada <nobu@ruby-lang.org>
* ext/psych/psych_emitter.c (start_document): should not exceed * ext/psych/psych_emitter.c (start_document): should not exceed

10
pack.c
View File

@ -361,7 +361,7 @@ pack_pack(VALUE ary, VALUE fmt)
const char *p, *pend; const char *p, *pend;
VALUE res, from, associates = 0; VALUE res, from, associates = 0;
char type; char type;
long items, len, idx, plen; long len, idx, plen;
const char *ptr; const char *ptr;
int enc_info = 1; /* 0 - BINARY, 1 - US-ASCII, 2 - UTF-8 */ int enc_info = 1; /* 0 - BINARY, 1 - US-ASCII, 2 - UTF-8 */
#ifdef NATINT_PACK #ifdef NATINT_PACK
@ -374,12 +374,12 @@ pack_pack(VALUE ary, VALUE fmt)
pend = p + RSTRING_LEN(fmt); pend = p + RSTRING_LEN(fmt);
res = rb_str_buf_new(0); res = rb_str_buf_new(0);
items = RARRAY_LEN(ary);
idx = 0; idx = 0;
#define TOO_FEW (rb_raise(rb_eArgError, toofew), 0) #define TOO_FEW (rb_raise(rb_eArgError, toofew), 0)
#define THISFROM (items > 0 ? RARRAY_AREF(ary, idx) : TOO_FEW) #define MORE_ITEM (idx < RARRAY_LEN(ary))
#define NEXTFROM (items-- > 0 ? RARRAY_AREF(ary, idx++) : TOO_FEW) #define THISFROM (MORE_ITEM ? RARRAY_AREF(ary, idx) : TOO_FEW)
#define NEXTFROM (MORE_ITEM ? RARRAY_AREF(ary, idx++) : TOO_FEW)
while (p < pend) { while (p < pend) {
int explicit_endian = 0; int explicit_endian = 0;
@ -431,7 +431,7 @@ pack_pack(VALUE ary, VALUE fmt)
if (*p == '*') { /* set data length */ if (*p == '*') { /* set data length */
len = strchr("@Xxu", type) ? 0 len = strchr("@Xxu", type) ? 0
: strchr("PMm", type) ? 1 : strchr("PMm", type) ? 1
: items; : RARRAY_LEN(ary) - idx;
p++; p++;
} }
else if (ISDIGIT(*p)) { else if (ISDIGIT(*p)) {

19
test/ruby/test_pack.rb
View File

@ -794,4 +794,23 @@ EXPECTED
} }
} }
end end
def test_pack_resize
assert_separately([], <<-'end;')
ary = []
obj = Class.new {
define_method(:to_str) {
ary.clear()
ary = nil
GC.start
"TALOS"
}
}.new
ary.push(obj)
ary.push(".")
assert_raise_with_message(ArgumentError, /too few/) {ary.pack("AA")}
end;
end
end end