From 41da4d16b0bbfa12827ac772c28bf43b0b655140 Mon Sep 17 00:00:00 2001 From: mame Date: Mon, 22 Dec 2008 15:18:12 +0000 Subject: [PATCH] * sprintf.c (rb_str_format): fix buffer overflow. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@20921 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- ChangeLog | 4 ++++ sprintf.c | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index da6066a240..c765976b87 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +Tue Dec 23 00:16:48 2008 Yusuke Endoh + + * sprintf.c (rb_str_format): fix buffer overflow. + Mon Dec 22 19:31:19 2008 Yuki Sonoda (Yugui) * common.mk (revision.h): uses tool/file2lastrev.rb to support diff --git a/sprintf.c b/sprintf.c index 1195f9b17b..cc8f097e5b 100644 --- a/sprintf.c +++ b/sprintf.c @@ -979,8 +979,8 @@ rb_str_format(int argc, const VALUE *argv, VALUE fmt) if ((flags & FWIDTH) && need < width) need = width; - CHECK(need); - snprintf(&buf[blen], need, "%*s", need, ""); + CHECK(need + 1); + snprintf(&buf[blen], need + 1, "%*s", need, ""); if (flags & FMINUS) { if (!isnan(fval) && fval < 0.0) buf[blen++] = '-';