kotovalexarian-likes-github/ruby--ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00
Code Releases Activity

yaml/api.c, yaml/loader.c: integer overflow

Browse source 
* ext/psych/yaml/api.c (yaml_scalar_event_initialize): fix possible
  integer overflow.
  (yaml_document_add_scalar): ditto.
  (yaml_document_add_sequence): ditto.
   (yaml_document_add_mapping): ditto.

* ext/psych/yaml/loader.c (yaml_parser_load_scalar): ditto.
  (yaml_parser_load_sequence): ditto.
  (yaml_parser_load_mapping): ditto.

* ext/psych/yaml/scanner.c (yaml_parser_roll_indent): suppress
  warnigs.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@44816 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
nobu 2014-02-05 01:17:28 +00:00
parent 0483b29a8b
commit 990ba47c24
3 changed files with 59 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

53
ext/psych/yaml/api.c
View file

@ -822,6 +822,7 @@ yaml_scalar_event_initialize(yaml_event_t *event,
yaml_char_t *anchor_copy = NULL; yaml_char_t *anchor_copy = NULL;
yaml_char_t *tag_copy = NULL; yaml_char_t *tag_copy = NULL;
yaml_char_t *value_copy = NULL; yaml_char_t *value_copy = NULL;
size_t value_length;
assert(event); /* Non-NULL event object is expected. */ assert(event); /* Non-NULL event object is expected. */
assert(value); /* Non-NULL anchor is expected. */ assert(value); /* Non-NULL anchor is expected. */
@ -839,16 +840,19 @@ yaml_scalar_event_initialize(yaml_event_t *event,
} }
if (length < 0) { if (length < 0) {
length = strlen((char *)value); value_length = strlen((char *)value);
}
else {
value_length = (size_t)length;
} }
if (!yaml_check_utf8(value, length)) goto error; if (!yaml_check_utf8(value, value_length)) goto error;
value_copy = yaml_malloc(length+1); value_copy = yaml_malloc(value_length+1);
if (!value_copy) goto error; if (!value_copy) goto error;
memcpy(value_copy, value, length); memcpy(value_copy, value, value_length);
value_copy[length] = '\0'; value_copy[value_length] = '\0';
SCALAR_EVENT_INIT(*event, anchor_copy, tag_copy, value_copy, length, SCALAR_EVENT_INIT(*event, anchor_copy, tag_copy, value_copy, value_length,
plain_implicit, quoted_implicit, style, mark, mark); plain_implicit, quoted_implicit, style, mark, mark);
return 1; return 1;
@ -1202,6 +1206,8 @@ yaml_document_add_scalar(yaml_document_t *document,
yaml_char_t *tag_copy = NULL; yaml_char_t *tag_copy = NULL;
yaml_char_t *value_copy = NULL; yaml_char_t *value_copy = NULL;
yaml_node_t node; yaml_node_t node;
size_t value_length;
ptrdiff_t ret;
assert(document); /* Non-NULL document object is expected. */ assert(document); /* Non-NULL document object is expected. */
assert(value); /* Non-NULL value is expected. */ assert(value); /* Non-NULL value is expected. */
@ -1215,19 +1221,26 @@ yaml_document_add_scalar(yaml_document_t *document,
if (!tag_copy) goto error; if (!tag_copy) goto error;
if (length < 0) { if (length < 0) {
length = strlen((char *)value); value_length = strlen((char *)value);
}
else {
value_length = (size_t)length;
} }
if (!yaml_check_utf8(value, length)) goto error; if (!yaml_check_utf8(value, value_length)) goto error;
value_copy = yaml_malloc(length+1); value_copy = yaml_malloc(value_length+1);
if (!value_copy) goto error; if (!value_copy) goto error;
memcpy(value_copy, value, length); memcpy(value_copy, value, value_length);
value_copy[length] = '\0'; value_copy[value_length] = '\0';
SCALAR_NODE_INIT(node, tag_copy, value_copy, length, style, mark, mark); SCALAR_NODE_INIT(node, tag_copy, value_copy, value_length, style, mark, mark);
if (!PUSH(&context, document->nodes, node)) goto error; if (!PUSH(&context, document->nodes, node)) goto error;
return document->nodes.top - document->nodes.start; ret = document->nodes.top - document->nodes.start;
#if PTRDIFF_MAX > INT_MAX
if (ret > INT_MAX) goto error;
#endif
return (int)ret;
error: error:
yaml_free(tag_copy); yaml_free(tag_copy);
@ -1255,6 +1268,7 @@ yaml_document_add_sequence(yaml_document_t *document,
yaml_node_item_t *top; yaml_node_item_t *top;
} items = { NULL, NULL, NULL }; } items = { NULL, NULL, NULL };
yaml_node_t node; yaml_node_t node;
ptrdiff_t ret;
assert(document); /* Non-NULL document object is expected. */ assert(document); /* Non-NULL document object is expected. */
@ -1272,7 +1286,11 @@ yaml_document_add_sequence(yaml_document_t *document,
style, mark, mark); style, mark, mark);
if (!PUSH(&context, document->nodes, node)) goto error; if (!PUSH(&context, document->nodes, node)) goto error;
return document->nodes.top - document->nodes.start; ret = document->nodes.top - document->nodes.start;
#if PTRDIFF_MAX > INT_MAX
if (ret > INT_MAX) goto error;
#endif
return (int)ret;
error: error:
STACK_DEL(&context, items); STACK_DEL(&context, items);
@ -1300,6 +1318,7 @@ yaml_document_add_mapping(yaml_document_t *document,
yaml_node_pair_t *top; yaml_node_pair_t *top;
} pairs = { NULL, NULL, NULL }; } pairs = { NULL, NULL, NULL };
yaml_node_t node; yaml_node_t node;
ptrdiff_t ret;
assert(document); /* Non-NULL document object is expected. */ assert(document); /* Non-NULL document object is expected. */
@ -1317,7 +1336,11 @@ yaml_document_add_mapping(yaml_document_t *document,
style, mark, mark); style, mark, mark);
if (!PUSH(&context, document->nodes, node)) goto error; if (!PUSH(&context, document->nodes, node)) goto error;
return document->nodes.top - document->nodes.start; ret = document->nodes.top - document->nodes.start;
#if PTRDIFF_MAX > INT_MAX
if (ret > INT_MAX) goto error;
#endif
return (int)ret;
error: error:
STACK_DEL(&context, pairs); STACK_DEL(&context, pairs);

21
ext/psych/yaml/loader.c
View file

@ -283,6 +283,7 @@ static int
yaml_parser_load_scalar(yaml_parser_t *parser, yaml_event_t *first_event) yaml_parser_load_scalar(yaml_parser_t *parser, yaml_event_t *first_event)
{ {
yaml_node_t node; yaml_node_t node;
ptrdiff_t node_index;
int index; int index;
yaml_char_t *tag = first_event->data.scalar.tag; yaml_char_t *tag = first_event->data.scalar.tag;
@ -300,7 +301,11 @@ yaml_parser_load_scalar(yaml_parser_t *parser, yaml_event_t *first_event)
if (!PUSH(parser, parser->document->nodes, node)) goto error; if (!PUSH(parser, parser->document->nodes, node)) goto error;
index = parser->document->nodes.top - parser->document->nodes.start; node_index = parser->document->nodes.top - parser->document->nodes.start;
#if PTRDIFF_MAX > INT_MAX
if (node_index > INT_MAX) goto error;
#endif
index = (int)node_index;
if (!yaml_parser_register_anchor(parser, index, if (!yaml_parser_register_anchor(parser, index,
first_event->data.scalar.anchor)) return 0; first_event->data.scalar.anchor)) return 0;
@ -329,6 +334,7 @@ yaml_parser_load_sequence(yaml_parser_t *parser, yaml_event_t *first_event)
yaml_node_item_t *top; yaml_node_item_t *top;
} items = { NULL, NULL, NULL }; } items = { NULL, NULL, NULL };
int index, item_index; int index, item_index;
ptrdiff_t node_index;
yaml_char_t *tag = first_event->data.sequence_start.tag; yaml_char_t *tag = first_event->data.sequence_start.tag;
if (!STACK_LIMIT(parser, parser->document->nodes, INT_MAX-1)) goto error; if (!STACK_LIMIT(parser, parser->document->nodes, INT_MAX-1)) goto error;
@ -347,7 +353,11 @@ yaml_parser_load_sequence(yaml_parser_t *parser, yaml_event_t *first_event)
if (!PUSH(parser, parser->document->nodes, node)) goto error; if (!PUSH(parser, parser->document->nodes, node)) goto error;
index = parser->document->nodes.top - parser->document->nodes.start; node_index = parser->document->nodes.top - parser->document->nodes.start;
#if PTRDIFF_MAX > INT_MAX
if (node_index > INT_MAX) goto error;
#endif
index = (int)node_index;
if (!yaml_parser_register_anchor(parser, index, if (!yaml_parser_register_anchor(parser, index,
first_event->data.sequence_start.anchor)) return 0; first_event->data.sequence_start.anchor)) return 0;
@ -391,6 +401,7 @@ yaml_parser_load_mapping(yaml_parser_t *parser, yaml_event_t *first_event)
yaml_node_pair_t *top; yaml_node_pair_t *top;
} pairs = { NULL, NULL, NULL }; } pairs = { NULL, NULL, NULL };
int index; int index;
ptrdiff_t node_index;
yaml_node_pair_t pair; yaml_node_pair_t pair;
yaml_char_t *tag = first_event->data.mapping_start.tag; yaml_char_t *tag = first_event->data.mapping_start.tag;
@ -410,7 +421,11 @@ yaml_parser_load_mapping(yaml_parser_t *parser, yaml_event_t *first_event)
if (!PUSH(parser, parser->document->nodes, node)) goto error; if (!PUSH(parser, parser->document->nodes, node)) goto error;
index = parser->document->nodes.top - parser->document->nodes.start; node_index = parser->document->nodes.top - parser->document->nodes.start;
#if PTRDIFF_MAX > INT_MAX
if (node_index > INT_MAX) goto error;
#endif
index = (int)node_index;
if (!yaml_parser_register_anchor(parser, index, if (!yaml_parser_register_anchor(parser, index,
first_event->data.mapping_start.anchor)) return 0; first_event->data.mapping_start.anchor)) return 0;

4
ext/psych/yaml/scanner.c
View file

@ -1231,12 +1231,14 @@ yaml_parser_roll_indent(yaml_parser_t *parser, ptrdiff_t column,
if (!PUSH(parser, parser->indents, parser->indent)) if (!PUSH(parser, parser->indents, parser->indent))
return 0; return 0;
#if PTRDIFF_MAX > INT_MAX
if (column > INT_MAX) { if (column > INT_MAX) {
parser->error = YAML_MEMORY_ERROR; parser->error = YAML_MEMORY_ERROR;
return 0; return 0;
} }
#endif
parser->indent = column; parser->indent = (int)column;
/* Create a token and insert it into the queue. */ /* Create a token and insert it into the queue. */