* time.c (time_plus): result should not be negative unless

NEGATIVE_TIME_T is defined. * time.c (time_new_internal): should check tv_sec overflow too. * time.c (time_timeval): should check time_t range when time is initialized from float. * time.c (time_plus): uses modf(3). * variable.c (rb_cvar_set): add frozen class/module check. * variable.c (rb_cvar_declare): add frozen class/module check. * re.c (match_to_a): should propagate taint. * re.c (rb_reg_s_quote): ditto. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@1933 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2022-11-09 12:17:21 -05:00 · 2001-12-21 09:23:28 +00:00 · 2001-12-21 09:23:28 +00:00 · 63b6b9c430
commit 63b6b9c430
parent e93b8f1c89
8 changed files with 108 additions and 43 deletions
--- a/24
+++ b/24
@ -2,6 +2,18 @@ Fri Dec 21 16:18:17 2001  Nobuyoshi Nakada  <nobu.nakada@nifty.ne.jp>

 	* dln.h, ruby.h, util.h: enable prototypes in C++.

+Fri Dec 21 15:12:41 2001  Yukihiro Matsumoto  <matz@ruby-lang.org>
+
+	* time.c (time_plus): result should not be negative unless
+	  NEGATIVE_TIME_T is defined.
+
+	* time.c (time_new_internal): should check tv_sec overflow too.
+
+	* time.c (time_timeval): should check time_t range when time is
+	  initialized from float.
+
+	* time.c (time_plus): uses modf(3).
+
 Fri Dec 21 03:15:52 2001  Nobuyoshi Nakada  <nobu.nakada@nifty.ne.jp>

 	* eval.c (rb_mod_define_method): must not convert Method to Proc.
@ -18,6 +30,18 @@ Thu Dec 20 14:08:20 2001  Minero Aoki  <aamine@loveruby.net>

 	* lib/net/protocol.rb: rename Net::Socket to Net::BufferedSocket

+Thu Dec 20 13:51:52 2001  K.Kosako  <kosako@sofnec.co.jp>
+
+	* variable.c (rb_cvar_set): add frozen class/module check.
+
+	* variable.c (rb_cvar_declare): add frozen class/module check.
+
+Thu Dec 20 01:01:50 2001  takuma ozawa  <metal@mine.ne.jp>
+
+	* re.c (match_to_a): should propagate taint.
+
+	* re.c (rb_reg_s_quote): ditto.
+
 Wed Dec 19 16:58:29 2001  Shugo Maeda  <shugo@ruby-lang.org>

 	* ext/readline/readline.c: new methods
--- a/doc/NEWS
+++ b/doc/NEWS
@ -1,3 +1,11 @@
+: TCPServer#listen, UNIXServer#listen
+
+  Added.
+
+: String#match
+
+  Added.
+
 : Syslog module

  Imported.
--- a/io.c
+++ b/io.c
@ -522,7 +522,7 @@ io_fread(ptr, len, f)
 #endif
 		    return len - n;
 		}
-		rb_sys_fail(0);
+		return 0;
 	    }
 	    *ptr = '\0';
 	    break;
--- a/lib/tracer.rb
+++ b/lib/tracer.rb
@ -87,16 +87,16 @@ class Tracer
      return p.call line
    end

-    unless list = LINES__[file]
+    unless list = SCRIPT_LINES__[file]
      begin
 	f = open(file)
 	begin 
-	  LINES__[file] = list = f.readlines
+	  SCRIPT_LINES__[file] = list = f.readlines
 	ensure
 	  f.close
 	end
      rescue
-	LINES__[file] = list = []
+	SCRIPT_LINES__[file] = list = []
      end
    end
    if l = list[line - 1]
--- a/misc/ruby-mode.el
+++ b/misc/ruby-mode.el
@ -522,9 +522,10 @@ The variable ruby-indent-level controls the amount of indentation.
 	       (re-search-backward "#" (save-excursion
 					 (beginning-of-line)
 					 (point)) t)
-	       (save-excursion
-		 (forward-char -1)
-		 (not (looking-at "\\?")))
+	       (if (not (= (point) (point-min)))
+		   (save-excursion
+		     (forward-char -1)
+		     (not (looking-at "\\?"))))
 	       (skip-chars-backward " \t")
 	       (if (save-excursion
 		     (forward-char -1)
--- a/re.c
+++ b/re.c
@ -781,11 +781,16 @@ match_to_a(match)
    VALUE ary = rb_ary_new2(regs->num_regs);
    char *ptr = RSTRING(RMATCH(match)->str)->ptr;
    int i;
-
+    int taint = OBJ_TAINTED(match);
+    
    for (i=0; i<regs->num_regs; i++) {
-	if (regs->beg[i] == -1) rb_ary_push(ary, Qnil);
-	else rb_ary_push(ary, rb_str_new(ptr+regs->beg[i],
-					 regs->end[i]-regs->beg[i]));
+	if (regs->beg[i] == -1) {
+	    rb_ary_push(ary, Qnil);
+	} else {
+	    VALUE str = rb_str_new(ptr+regs->beg[i], regs->end[i]-regs->beg[i]);
+	    if (taint) OBJ_TAINT(str);
+	    rb_ary_push(ary, str);
+	}
    }
    return ary;
 }
@ -1122,7 +1127,7 @@ rb_reg_s_quote(argc, argv)
    }
    kcode_reset_option();
    rb_str_resize(tmp, t - RSTRING(tmp)->ptr);
-
+    OBJ_INFECT(tmp, str);
    return tmp;
 }

--- a/time.c
+++ b/time.c
@ -29,6 +29,7 @@ struct timeval {
 #ifdef HAVE_UNISTD_H
 #include <unistd.h>
 #endif
+#include <math.h>

 VALUE rb_cTime;

@ -69,15 +70,24 @@ time_new_internal(klass, sec, usec)
    time_t sec, usec;
 {
    VALUE obj;
+    time_t tmp;
    struct time_object *tobj;

    if (usec >= 1000000) {	/* usec positive overflow */
-	sec += usec / 1000000;
+	tmp = sec + usec / 1000000;
 	usec %= 1000000;
+	if (sec > 0 && tmp < 0) {
+	    rb_raise(rb_eRangeError, "out of Time range");
+	}
+	sec = tmp;
    }
    if (usec < 0) {		/* usec negative overflow */
-	sec += NDIV(usec,1000000); /* negative div */
-	usec = NMOD(usec,1000000); /* negative mod */
+	tmp = sec + NDIV(usec,1000000); /* negative div */
+	usec = NMOD(usec,1000000);      /* negative mod */
+	if (sec < 0 && tmp > 0) {
+	    rb_raise(rb_eRangeError, "out of Time range");
+	}
+	sec = tmp;
    }
 #ifndef NEGATIVE_TIME_T
    if (sec < 0 || (sec == 0 && usec < 0))
@ -122,8 +132,16 @@ time_timeval(time, interval)
      case T_FLOAT:
 	if (interval && RFLOAT(time)->value < 0.0)
 	    rb_raise(rb_eArgError, "%s must be positive", tstr);
-	t.tv_sec = (time_t)RFLOAT(time)->value;
-	t.tv_usec = (time_t)((RFLOAT(time)->value - (double)t.tv_sec)*1e6);
+	else {
+	    double f, d;
+
+	    d = modf(RFLOAT(time)->value, &f);
+	    t.tv_sec = (time_t)f;
+	    if (f != t.tv_sec) {
+		rb_raise(rb_eRangeError, "%f out of Time range", RFLOAT(time)->value);
+	    }
+	    t.tv_usec = (time_t)d*1e6;
+	}
 	break;

      case T_BIGNUM:
@ -925,26 +943,30 @@ time_plus(time1, time2)
 {
    struct time_object *tobj;
    time_t sec, usec;
-    double f, d;
+    double f, d, v;

    GetTimeval(time1, tobj);

    if (rb_obj_is_kind_of(time2, rb_cTime)) {
 	rb_raise(rb_eTypeError, "time + time?");
    }
-    f = NUM2DBL(time2);
-    sec = (time_t)f;
-    d = f - (double)sec;
-    if (d >= 1.0 || d <= -1.0) {
-	rb_raise(rb_eRangeError, "time + %f out of Time range", f);
+    v = NUM2DBL(time2);
+    d = modf(v, &f);
+    if (f != (double)sec || d >= 1.0 || d <= -1.0) {
+	rb_raise(rb_eRangeError, "time + %f out of Time range", v);
    }
-    usec = tobj->tv.tv_usec + (time_t)(d*1e6);
-    sec = tobj->tv.tv_sec + sec;
+#ifndef NEGATIVE_TIME_T
+    if (f < 0 && -f >= tobj->tv.tv_sec) {
+	rb_raise(rb_eArgError, "time must be positive");
+    }
+#endif
+    usec = tobj->tv.tv_usec + (time_t)d*1e6;
+    sec = tobj->tv.tv_sec + (time_t)f;

 #ifdef NEGATIVE_TIME_T
    if ((tobj->tv.tv_sec >= 0 && f >= 0 && sec < 0) ||
 	(tobj->tv.tv_sec <= 0 && f <= 0 && sec > 0)) {
-	rb_raise(rb_eRangeError, "time + %f out of Time range", f);
+	rb_raise(rb_eRangeError, "time + %f out of Time range", v);
    }
 #endif
    time2 = rb_time_new(sec, usec);
@ -961,7 +983,7 @@ time_minus(time1, time2)
 {
    struct time_object *tobj;
    time_t sec, usec;
-    double f, d;
+    double f, d, v;

    GetTimeval(time1, tobj);
    if (rb_obj_is_kind_of(time2, rb_cTime)) {
@ -970,21 +992,26 @@ time_minus(time1, time2)
 	GetTimeval(time2, tobj2);
 	f = (double)tobj->tv.tv_sec - (double)tobj2->tv.tv_sec;
 	f += ((double)tobj->tv.tv_usec - (double)tobj2->tv.tv_usec)*1e-6;
+	/* XXX: should check float overflow on 64bit time_t platforms */

 	return rb_float_new(f);
    }
-    f = NUM2DBL(time2);
-    sec = (time_t)f;
-    d = f - (double)sec;
-    if (d >= 1.0 || d <= -1.0) {
-	rb_raise(rb_eRangeError, "time - %f out of Time range", f);
+    v = NUM2DBL(time2);
+    d = modf(v, &f);
+    if (f != (double)sec || d >= 1.0 || d <= -1.0) {
+	rb_raise(rb_eRangeError, "time - %f out of Time range", v);
    }
+#ifndef NEGATIVE_TIME_T
+    if (f > 0 && f >= tobj->tv.tv_sec) {
+	rb_raise(rb_eArgError, "time must be positive");
+    }
+#endif
    usec = tobj->tv.tv_usec - (time_t)(d*1e6);
-    sec = tobj->tv.tv_sec - sec;
+    sec = tobj->tv.tv_sec - (time_t)f;
 #ifdef NEGATIVE_TIME_T
    if ((tobj->tv.tv_sec <= 0 && f >= 0 && sec > 0) ||
 	(tobj->tv.tv_sec >= 0 && f <= 0 && sec < 0)) {
-	rb_raise(rb_eRangeError, "time - %f out of Time range", f);
+	rb_raise(rb_eRangeError, "time - %f out of Time range", v);
    }
 #endif

--- a/variable.c
+++ b/variable.c
@ -1459,16 +1459,15 @@ rb_cvar_set(klass, id, val)

    tmp = klass;
    while (tmp) {
-	if (RCLASS(tmp)->iv_tbl) {
-	    if (st_lookup(RCLASS(tmp)->iv_tbl,id,0)) {
-		if (!OBJ_TAINTED(tmp) && rb_safe_level() >= 4)
-		    rb_raise(rb_eSecurityError, "Insecure: can't modify class variable");
-		st_insert(RCLASS(tmp)->iv_tbl,id,val);
-		if (ruby_verbose) {
-		    cvar_override_check(id, tmp);
-		}
-		return;
+	if (RCLASS(tmp)->iv_tbl && st_lookup(RCLASS(tmp)->iv_tbl,id,0)) {
+	    if (OBJ_FROZEN(tmp)) rb_error_frozen("class/module");
+	    if (!OBJ_TAINTED(tmp) && rb_safe_level() >= 4)
+		rb_raise(rb_eSecurityError, "Insecure: can't modify class variable");
+	    st_insert(RCLASS(tmp)->iv_tbl,id,val);
+	    if (ruby_verbose) {
+		cvar_override_check(id, tmp);
 	    }
+	    return;
 	}
 	tmp = RCLASS(tmp)->super;
    }
@ -1488,6 +1487,7 @@ rb_cvar_declare(klass, id, val)
    tmp = klass;
    while (tmp) {
 	if (RCLASS(tmp)->iv_tbl && st_lookup(RCLASS(tmp)->iv_tbl,id,0)) {
+	    if (OBJ_FROZEN(tmp)) rb_error_frozen("class/module");
 	    if (!OBJ_TAINTED(tmp) && rb_safe_level() >= 4)
 		rb_raise(rb_eSecurityError, "Insecure: can't modify class variable");
 	    if (ruby_verbose && klass != tmp) {