kotovalexarian-likes-github/ruby--ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00
Code Releases Activity

Fix stack buffer overflow

Browse source 
https://hackerone.com/reports/1306859
This commit is contained in:
Nobuyoshi Nakada 2021-08-17 22:01:57 +09:00
parent 9873af0b1a
commit bcc2bb28b0
Notes: git 2021-12-10 01:05:21 +09:00
2 changed files with 5 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

6
include/ruby/internal/memory.h
View file

@ -284,7 +284,7 @@ typedef uint128_t DSIZE_T;
* @return A pointer on stack.
*/
#define ALLOCA_N(type,n) \
RBIMPL_CAST((type *)alloca(rbimpl_size_mul_or_raise(sizeof(type), (n))))
RBIMPL_CAST((type *)(!(n) ? NULL : alloca(rbimpl_size_mul_or_raise(sizeof(type), (n)))))
/**
* Identical to #RB_ALLOCV_N(), except it implicitly assumes the type of array
@ -297,7 +297,7 @@ typedef uint128_t DSIZE_T;
*/
#define RB_ALLOCV(v, n) \
((n) < RUBY_ALLOCV_LIMIT ? \
((v) = 0, alloca(n)) : \
((v) = 0, !(n) ? NULL : alloca(n)) : \
rb_alloc_tmp_buffer(&(v), (n)))
/**
@ -330,7 +330,7 @@ typedef uint128_t DSIZE_T;
#define RB_ALLOCV_N(type, v, n) \
RBIMPL_CAST((type *) \
(((size_t)(n) < RUBY_ALLOCV_LIMIT / sizeof(type)) ? \
((v) = 0, alloca((n) * sizeof(type))) : \
((v) = 0, !(n) ? NULL : alloca((n) * sizeof(type))) : \
rb_alloc_tmp_buffer2(&(v), (n), sizeof(type))))
/**