From d0c2e3c7c95302c70a19b3d1d34bcb67da9f982f Mon Sep 17 00:00:00 2001 From: nobu Date: Sat, 23 Oct 2004 15:41:17 +0000 Subject: [PATCH] * eval.c (rb_load, search_required, rb_require_safe, rb_require): use frozen shared string to avoid outside modification. [ruby-dev:24580] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@7106 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- ChangeLog | 5 +++++ eval.c | 10 ++++++++-- file.c | 8 +++++++- 3 files changed, 20 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0da9694880..d4e1760a87 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +Sun Oct 24 00:40:50 2004 Nobuyoshi Nakada + + * eval.c (rb_load, search_required, rb_require_safe, rb_require): use + frozen shared string to avoid outside modification. [ruby-dev:24580] + Sat Oct 23 00:20:55 2004 Yukihiro Matsumoto * ext/zlib/zlib.c (zstream_append_input): clear klass for z->input diff --git a/eval.c b/eval.c index 6b1fa341ae..1dba366916 100644 --- a/eval.c +++ b/eval.c @@ -6438,6 +6438,7 @@ rb_load(fname, wrap) if (!wrap) rb_secure(4); FilePathValue(fname); + fname = rb_str_new4(fname); tmp = rb_find_file(fname); if (!tmp) { load_failed(fname); @@ -6691,7 +6692,7 @@ search_required(fname, featurep, path) char *ext, *ftptr; int type; - *featurep = fname = rb_str_new4(fname); + *featurep = fname; *path = 0; ext = strrchr(ftptr = RSTRING(fname)->ptr, '.'); if (ext && !strchr(ext, '/')) { @@ -6705,6 +6706,7 @@ search_required(fname, featurep, path) tmp = rb_str_new(RSTRING(fname)->ptr, ext-RSTRING(fname)->ptr); *featurep = tmp; #ifdef DLEXT2 + OBJ_FREEZE(tmp); if (rb_find_file_ext(&tmp, loadable_ext+1)) { *featurep = tmp; *path = rb_find_file(tmp); @@ -6712,6 +6714,7 @@ search_required(fname, featurep, path) } #else rb_str_cat2(tmp, DLEXT); + OBJ_FREEZE(tmp); if (*path = rb_find_file(tmp)) { return 's'; } @@ -6763,6 +6766,7 @@ rb_require_safe(fname, safe) char *volatile ftptr = 0; FilePathValue(fname); + fname = rb_str_new4(fname); saved.vmode = scope_vmode; saved.node = ruby_current_node; saved.func = ruby_frame->last_func; @@ -6832,7 +6836,9 @@ VALUE rb_require(fname) const char *fname; { - return rb_require_safe(rb_str_new2(fname), ruby_safe_level); + VALUE fn = rb_str_new2(fname); + OBJ_FREEZE(fn); + return rb_require_safe(fn, ruby_safe_level); } static void diff --git a/file.c b/file.c index 69f600e115..bf2e34fdb6 100644 --- a/file.c +++ b/file.c @@ -4104,6 +4104,7 @@ rb_find_file_ext(filep, ext) if (rb_safe_level() >= 2 && OBJ_TAINTED(fname)) { rb_raise(rb_eSecurityError, "loading from unsafe file %s", f); } + OBJ_FREEZE(fname); f = StringValueCStr(fname); *filep = fname; } @@ -4112,6 +4113,7 @@ rb_find_file_ext(filep, ext) for (i=0; ext[i]; i++) { fname = rb_str_dup(*filep); rb_str_cat2(fname, ext[i]); + OBJ_FREEZE(fname); if (file_load_ok(StringValueCStr(fname))) { *filep = fname; return i+1; @@ -4132,6 +4134,7 @@ rb_find_file_ext(filep, ext) for (j=0; ext[j]; j++) { fname = rb_str_dup(*filep); rb_str_cat2(fname, ext[j]); + OBJ_FREEZE(fname); found = dln_find_file(StringValueCStr(fname), path); if (found && file_load_ok(found)) { *filep = fname; @@ -4155,6 +4158,7 @@ rb_find_file(path) if (rb_safe_level() >= 1 && OBJ_TAINTED(path)) { rb_raise(rb_eSecurityError, "loading from unsafe path %s", f); } + OBJ_FREEZE(path); f = StringValueCStr(path); } @@ -4213,7 +4217,9 @@ rb_find_file(path) rb_raise(rb_eSecurityError, "loading from unsafe file %s", f); } if (file_load_ok(f)) { - return rb_str_new2(f); + tmp = rb_str_new2(f); + OBJ_FREEZE(tmp); + return tmp; } return 0; }