* ext/syck/syck.c (syck_move_tokens): should reset p->cursor or etc

even if skip == 0. This causes buffer overrun. (ex: YAML.load('--- "..' + '\x82\xA0' * 511 + '"')) git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@9878 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2006-02-03 06:11:13 +00:00 · 2006-02-03 06:11:13 +00:00 · e4f1feac3e
commit e4f1feac3e
parent 69e9759037
2 changed files with 6 additions and 3 deletions
--- a/6
+++ b/6
@ -1,3 +1,9 @@
+Fri Feb  3 15:02:10 2006  Hirokazu Yamamoto  <ocean@m2.ccsnet.ne.jp>
+
+	* ext/syck/syck.c (syck_move_tokens): should reset p->cursor or etc
+	  even if skip == 0. This causes buffer overrun.
+	  (ex: YAML.load('--- "..' + '\x82\xA0' * 511 + '"'))
+
 Fri Feb  3 00:01:31 2006  Hirokazu Yamamoto  <ocean@m2.ccsnet.ne.jp>

 	* ext/syck/emitter.c (syck_emitter_write): should not set '\0' on
--- a/ext/syck/syck.c
+++ b/ext/syck/syck.c
@ -410,9 +410,6 @@ syck_move_tokens( SyckParser *p )
        return 0;

    skip = p->limit - p->token;
-    if ( skip < 1 )
-        return 0;
-
    if ( ( count = p->token - p->buffer ) )
    {
        S_MEMMOVE( p->buffer, p->token, char, skip );