From e6f1557562c3e10586fe25a8e430ad44f461a58e Mon Sep 17 00:00:00 2001 From: nobu Date: Fri, 13 Jun 2014 04:43:57 +0000 Subject: [PATCH] array.c: fix array size * array.c (rb_ary_permutation): `p` is the array of size `r`, as commented at permute0(). since `n >= r` here, buffer overflow never happened, just reduce unnecessary allocation though. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@46416 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- ChangeLog | 6 ++++++ array.c | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 4756fd48c0..a1ed666ce6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +Fri Jun 13 13:42:58 2014 Nobuyoshi Nakada + + * array.c (rb_ary_permutation): `p` is the array of size `r`, as + commented at permute0(). since `n >= r` here, buffer overflow + never happened, just reduce unnecessary allocation though. + Thu Jun 12 20:32:28 2014 Nobuyoshi Nakada * string.c (rb_str_resize): should consider the capacity instead diff --git a/array.c b/array.c index 3f5605526e..e8c7fc9627 100644 --- a/array.c +++ b/array.c @@ -4858,7 +4858,7 @@ rb_ary_permutation(int argc, VALUE *argv, VALUE ary) } } else { /* this is the general case */ - volatile VALUE t0 = tmpbuf(n,sizeof(long)); + volatile VALUE t0 = tmpbuf(r,sizeof(long)); long *p = (long*)RSTRING_PTR(t0); volatile VALUE t1 = tmpbuf(n,sizeof(char)); char *used = (char*)RSTRING_PTR(t1);