summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorusa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2016-03-25 09:19:56 +0000
committerusa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2016-03-25 09:19:56 +0000
commit477c282a079a1784a0b8c236e7449712be07cae4 (patch)
tree45fcd3fcae0c6ebf565fa12caaa4c4a1883c2959
parentd86cba89d8ffd9339bf3a4755774dd1f8a78cc52 (diff)
merge revision(s) 54105,54108,54136,54138: [Backport #12188]
* marshal.c (r_object0): Fix Marshal crash for corrupt extended object. * marshal.c (r_object0): raise ArgumentError when linking to undefined object. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_1@54274 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r--ChangeLog9
-rw-r--r--marshal.c7
-rw-r--r--test/ruby/test_marshal.rb19
-rw-r--r--version.h2
4 files changed, 35 insertions, 2 deletions
diff --git a/ChangeLog b/ChangeLog
index b88b61b8cc..8afb37e428 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+Fri Mar 25 18:18:29 2016 Eric Hodel <drbrain@segment7.net>
+
+ * marshal.c (r_object0): raise ArgumentError when linking to undefined
+ object.
+
+Fri Mar 25 18:18:29 2016 Eric Hodel <drbrain@segment7.net>
+
+ * marshal.c (r_object0): Fix Marshal crash for corrupt extended object.
+
Fri Mar 25 18:07:48 2016 Yutaka Kanemoto <kanemoto@ruby-lang.org>
* cont.c (rb_fiber_struct): keep context.uc_stack.ss_sp and context.uc_stack.ss_size
diff --git a/marshal.c b/marshal.c
index fd6e12f0d9..869996fbb3 100644
--- a/marshal.c
+++ b/marshal.c
@@ -1515,6 +1515,7 @@ r_object0(struct load_arg *arg, int *ivp, VALUE extmod)
{
VALUE path = r_unique(arg);
VALUE m = rb_path_to_class(path);
+ if (NIL_P(extmod)) extmod = rb_ary_tmp_new(0);
if (RB_TYPE_P(m, T_CLASS)) { /* prepended */
VALUE c;
@@ -1534,7 +1535,6 @@ r_object0(struct load_arg *arg, int *ivp, VALUE extmod)
}
else {
must_be_module(m, path);
- if (NIL_P(extmod)) extmod = rb_ary_tmp_new(0);
rb_ary_push(extmod, m);
v = r_object0(arg, 0, extmod);
@@ -1894,6 +1894,11 @@ r_object0(struct load_arg *arg, int *ivp, VALUE extmod)
rb_raise(rb_eArgError, "dump format error(0x%x)", type);
break;
}
+
+ if (v == Qundef) {
+ rb_raise(rb_eArgError, "dump format error (bad link)");
+ }
+
return v;
}
diff --git a/test/ruby/test_marshal.rb b/test/ruby/test_marshal.rb
index 14c49faca3..8e0bca46ba 100644
--- a/test/ruby/test_marshal.rb
+++ b/test/ruby/test_marshal.rb
@@ -1,5 +1,6 @@
require 'test/unit'
require 'tempfile'
+require_relative 'envutil'
require_relative 'marshaltestlib'
class TestMarshal < Test::Unit::TestCase
@@ -612,4 +613,22 @@ class TestMarshal < Test::Unit::TestCase
obj = [str, str]
assert_equal(['X', 'X'], Marshal.load(Marshal.dump(obj), ->(v) { v == str ? v.upcase : v }))
end
+
+ def test_marshal_load_extended_class_crash
+ crash = "\x04\be:\x0F\x00omparableo:\vObject\x00"
+
+ opt = %w[--disable=gems]
+ assert_ruby_status(opt, "Marshal.load(#{crash.dump})")
+ end
+
+ def test_marshal_load_r_prepare_reference_crash
+ crash = "\x04\bI/\x05\x00\x06:\x06E{\x06@\x05T"
+
+ opt = %w[--disable=gems]
+ assert_separately(opt, <<-RUBY)
+ assert_raise_with_message(ArgumentError, /bad link/) do
+ Marshal.load(#{crash.dump})
+ end
+ RUBY
+ end
end
diff --git a/version.h b/version.h
index 1d0cba6b4b..b6a5271be4 100644
--- a/version.h
+++ b/version.h
@@ -1,6 +1,6 @@
#define RUBY_VERSION "2.1.9"
#define RUBY_RELEASE_DATE "2016-03-25"
-#define RUBY_PATCHLEVEL 471
+#define RUBY_PATCHLEVEL 472
#define RUBY_RELEASE_YEAR 2016
#define RUBY_RELEASE_MONTH 3