kotovalexarian-likes-github/ruby--ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00
Code Releases Activity

fiddle/function.c: check argument size

Browse source 
* ext/fiddle/function.c (initialize): check argument number if the
  temporary buffer exceeds size_t max.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@45300 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
nobu 2014-03-09 04:51:17 +00:00
parent cb05f199ee
commit 1692e54793
1 changed files with 14 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
ext/fiddle/function.c
View file

@ -11,6 +11,18 @@
VALUE cFiddleFunction; VALUE cFiddleFunction;
#define MAX_ARGS (SIZE_MAX / (sizeof(void *) + sizeof(fiddle_generic)) - 1)
#define Check_Max_Args(name, len) \
if ((size_t)(len) < MAX_ARGS) { \
/* OK */ \
} \
else { \
rb_raise(rb_eTypeError, \
name" is so large that it can cause integer overflow (%d)", \
(len)); \
}
static void static void
deallocate(void *p) deallocate(void *p)
{ {
@ -84,6 +96,7 @@ initialize(int argc, VALUE argv[], VALUE self)
if(NIL_P(abi)) abi = INT2NUM(FFI_DEFAULT_ABI); if(NIL_P(abi)) abi = INT2NUM(FFI_DEFAULT_ABI);
Check_Type(args, T_ARRAY); Check_Type(args, T_ARRAY);
Check_Max_Args("args", RARRAY_LENINT(args));
rb_iv_set(self, "@ptr", ptr); rb_iv_set(self, "@ptr", ptr);
rb_iv_set(self, "@args", args); rb_iv_set(self, "@args", args);
@ -129,6 +142,7 @@ function_call(int argc, VALUE argv[], VALUE self)
types = rb_iv_get(self, "@args"); types = rb_iv_get(self, "@args");
cPointer = rb_const_get(mFiddle, rb_intern("Pointer")); cPointer = rb_const_get(mFiddle, rb_intern("Pointer"));
Check_Max_Args("number of arguments", argc);
if(argc != RARRAY_LENINT(types)) { if(argc != RARRAY_LENINT(types)) {
rb_raise(rb_eArgError, "wrong number of arguments (%d for %d)", rb_raise(rb_eArgError, "wrong number of arguments (%d for %d)",
argc, RARRAY_LENINT(types)); argc, RARRAY_LENINT(types));