mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00

* string.c (str_buf_cat): Fix potential integer overflow of capa.

In addition, termlen is used instead of +1.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55692 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
ngoto 2016-07-15 13:08:54 +00:00
parent 2bb292fccf
commit 20c4461d86
2 changed files with 8 additions and 2 deletions


@ -1,3 +1,8 @@
Fri Jul 15 22:05:13 2016 Naohisa Goto <ngotogenome@gmail.com>
* string.c (str_buf_cat): Fix potential interger overflow of capa.
In addition, termlen is used instead of +1.
Fri Jul 15 21:30:38 2016 Naohisa Goto <ngotogenome@gmail.com>
* string.c (str_buf_cat): Fix capa size for embed string.


@ -2562,6 +2562,7 @@ str_buf_cat(VALUE str, const char *ptr, long len)
long capa, total, olen, off = -1;
char *sptr;
const int termlen = TERM_LEN(str);
assert(termlen < RSTRING_EMBED_LEN_MAX + 1); /* < (LONG_MAX/2) */
RSTRING_GETMEM(str, sptr, olen);
if (ptr >= sptr && ptr <= sptr + olen) {
@ -2586,11 +2587,11 @@ str_buf_cat(VALUE str, const char *ptr, long len)
if (capa <= total) {
if (LIKELY(capa > 0)) {
while (total > capa) {
if (capa > LONG_MAX / 2) {
if (capa > LONG_MAX / 2 - termlen) {
capa = (total + 4095) / 4096 * 4096;
break;
}
capa = 2 * capa + 1;
capa = 2 * capa + termlen; /* == 2*(capa+termlen)-termlen */
}
}
else {
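Review bot: The fallback `capa = (total + 4095) / 4096 * 4096;` is still a signed addition that overflows when `total` is within 4095 of `LONG_MAX`, so the new `capa > LONG_MAX / 2 - termlen` guard protects the doubling but not the rounding that replaces it. The bound on `total` is established outside this hunk, so this may already be excluded; if it is not, a check such as `if (total > LONG_MAX - 4095 - termlen)` that fails the append before rounding would keep both the rounding and any later `capa + termlen` in range. The guard's subtraction also relies on `termlen` being small, which only the `assert` in the first hunk states, and that check disappears under `NDEBUG`; a comment at the guard such as `/* termlen <= RSTRING_EMBED_LEN_MAX, so this cannot underflow */` would record the dependency. The body of str_buf_cat starts and ends outside the lines shown.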