From e4f1feac3e807e2e3790237749cfdb7a6104fd90 Mon Sep 17 00:00:00 2001
From: ocean <ocean@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Fri, 3 Feb 2006 06:11:13 +0000
Subject: [PATCH] * ext/syck/syck.c (syck_move_tokens): should reset p->cursor
 or etc   even if skip == 0. This causes buffer overrun.   (ex: YAML.load('---
 "..' + '\x82\xA0' * 511 + '"'))

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@9878 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 ChangeLog       | 6 ++++++
 ext/syck/syck.c | 3 ---
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 8f7787a43f..66d1310e0e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+Fri Feb  3 15:02:10 2006  Hirokazu Yamamoto  <ocean@m2.ccsnet.ne.jp>
+
+	* ext/syck/syck.c (syck_move_tokens): should reset p->cursor or etc
+	  even if skip == 0. This causes buffer overrun.
+	  (ex: YAML.load('--- "..' + '\x82\xA0' * 511 + '"'))
+
 Fri Feb  3 00:01:31 2006  Hirokazu Yamamoto  <ocean@m2.ccsnet.ne.jp>
 
 	* ext/syck/emitter.c (syck_emitter_write): should not set '\0' on
diff --git a/ext/syck/syck.c b/ext/syck/syck.c
index 33f9bf23e8..24a56a5e48 100644
--- a/ext/syck/syck.c
+++ b/ext/syck/syck.c
@@ -410,9 +410,6 @@ syck_move_tokens( SyckParser *p )
         return 0;
 
     skip = p->limit - p->token;
-    if ( skip < 1 )
-        return 0;
-
     if ( ( count = p->token - p->buffer ) )
     {
         S_MEMMOVE( p->buffer, p->token, char, skip );