kotovalexarian-likes-github/ruby--ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00
Code Releases Activity

string.c: fix buffer overflow check condition in rb_str_set_len()

Browse source 
* string.c (rb_str_set_len): The buffer overflow check is wrong. The
  space for termlen is allocated outside the capacity returned by
  rb_str_capacity(). This fixes r41920 ("string.c: multi-byte
  terminator", 2013-07-11).  [ruby-core:77257] [Bug #12757]

* test/-ext-/string/test_set_len.rb (test_capacity_equals_to_new_size):
  Test for this change. Applying only the test will trigger [BUG].

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56148 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
rhe 2016-09-13 07:08:15 +00:00
parent b4d0e5a4fb
commit be3baa4380
3 changed files with 20 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
ChangeLog
View file

@ -1,3 +1,13 @@
Tue Sep 13 16:07:26 2016 Kazuki Yamaguchi <k@rhe.jp>
* string.c (rb_str_set_len): The buffer overflow check is wrong. The
space for termlen is allocated outside the capacity returned by
rb_str_capacity(). This fixes r41920 ("string.c: multi-byte
terminator", 2013-07-11). [ruby-core:77257] [Bug #12757]
* test/-ext-/string/test_set_len.rb (test_capacity_equals_to_new_size):
Test for this change. Applying only the test will trigger [BUG].
Tue Sep 13 06:03:34 2016 NARUSE, Yui <naruse@ruby-lang.org>
* common.mk (benchmark): fix lib path.

2
string.c
View file

@ -2497,7 +2497,7 @@ rb_str_set_len(VALUE str, long len)
if (STR_SHARED_P(str)) {
rb_raise(rb_eRuntimeError, "can't set length of shared string");
}
if (len + termlen - 1 > (capa = (long)rb_str_capacity(str))) {
if (len > (capa = (long)str_capacity(str, termlen))) {
rb_bug("probable buffer overflow: %ld for %ld", len, capa);
}
STR_SET_LEN(str, len);

9
test/-ext-/string/test_set_len.rb
View file

@ -23,4 +23,13 @@ class Test_StrSetLen < Test::Unit::TestCase
assert_equal("abc", @s1.set_len(3))
}
end
def test_capacity_equals_to_new_size
bug12757 = "[ruby-core:77257] [Bug #12757]"
# fill to ensure capacity does not decrease with force_encoding
str = Bug::String.new("\x00" * 128, capacity: 128)
str.force_encoding("UTF-32BE")
assert_equal 128, Bug::String.capacity(str)
assert_equal 127, str.set_len(127).bytesize, bug12757
end
end