diff options
author | yugui <yugui@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2011-05-31 00:11:35 +0000 |
---|---|---|
committer | yugui <yugui@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2011-05-31 00:11:35 +0000 |
commit | eff01662e48aecbdab354f93fe7744bb8a90fd8f (patch) | |
tree | c9155da8b2f51390eaf0043fcd10bffe6cb16fdd | |
parent | ffafcd96e66ec6a4b7150616b00bd0bab145671d (diff) |
merges r31441,r31442 and r31443 from trunk into ruby_1_9_2.
--
YAML.load time correctly parse usecs smaller than 1 fixes #4571
Signed-off-by: URABE, Shyouhei <shyouhei@ruby-lang.org>
--
ChangeLog for it
--
* ext/syck/rubyext.c (mktime_do): avoid buffer overrun, by
silently ignoring lesser significant digits. Required buffer
length can be computable so you might at first think of
allocating enough memory space on the fly using alloca(). That
is a wrong idea because when using alloca there is always risk
of integer overflow. A function that accepts outer-process
resources like this should not blindly trust its inputs. In
this particular case we just want to generate miliseconds
resolution by strtod() so the string in question needs no more
length than what we originally have. Ignoring lesser
significant digits should suffice I believe.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_2@31831 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | ChangeLog | 19 | ||||
-rw-r--r-- | ext/syck/rubyext.c | 25 | ||||
-rw-r--r-- | version.h | 2 |
3 files changed, 33 insertions, 13 deletions
@@ -1,3 +1,22 @@ +Fri May 6 15:01:11 2011 URABE Shyouhei <shyouhei@ruby-lang.org> + + * ext/syck/rubyext.c (mktime_do): avoid buffer overrun, by + silently ignoring lesser significant digits. Required buffer + length can be computable so you might at first think of + allocating enough memory space on the fly using alloca(). That + is a wrong idea because when using alloca there is always risk + of integer overflow. A function that accepts outer-process + resources like this should not blindly trust its inputs. In + this particular case we just want to generate miliseconds + resolution by strtod() so the string in question needs no more + length than what we originally have. Ignoring lesser + significant digits should suffice I believe. + +Fri May 6 14:25:53 2011 Tinco Andringa <mail@tinco.nl> + + * ext/syck/rubyext.c (mktime_do): YAML.load time correctly parse + usecs smaller than 1 fixes #4571 + Thu May 5 17:36:31 2011 CHIKANAGA Tomoyuki <nagachika00@gmail.com> * eval.c (frame_func_id): store result of method_entry_of_iseq() to diff --git a/ext/syck/rubyext.c b/ext/syck/rubyext.c index af52976ff1..1be472e040 100644 --- a/ext/syck/rubyext.c +++ b/ext/syck/rubyext.c @@ -225,7 +225,7 @@ mktime_do(struct mktime_arg *arg) VALUE hour = INT2FIX(0); VALUE min = INT2FIX(0); VALUE sec = INT2FIX(0); - long usec; + double usec; /* Year*/ if ( ptr[0] != '\0' && len > 0 ) { @@ -271,19 +271,20 @@ mktime_do(struct mktime_arg *arg) ptr += 2; if ( len > ptr - str && *ptr == '.' ) { - char padded[] = "000000"; - char *end = ptr + 1; - char *p = end; + char padded[] = "000000.000000"; + const int padding = 6; + const int offset = padding + 1; + const char *end = ptr + 1; + const char *begin = end; + int length; while ( isdigit( *end ) ) end++; - if (end - p < sizeof(padded)) { - MEMCPY(padded, ptr + 1, char, end - (ptr + 1)); - p = padded; - } - usec = strtol(p, NULL, 10); + length = (int)(end - begin) <= padding ? (int)(end - begin) : padding; + MEMCPY(padded, begin, char, length); + usec = strtod(padded, NULL); } else { - usec = 0; + usec = 0.0; } /* Time Zone*/ @@ -311,12 +312,12 @@ mktime_do(struct mktime_arg *arg) time = rb_funcall(rb_cTime, s_utc, 6, year, mon, day, hour, min, sec); tmp = rb_funcall(time, s_to_i, 0); tmp = rb_funcall(tmp, '-', 1, LONG2FIX(tz_offset)); - return rb_funcall(rb_cTime, s_at, 2, tmp, LONG2NUM(usec)); + return rb_funcall(rb_cTime, s_at, 2, tmp, rb_float_new(usec)); } else { /* Make UTC time*/ - return rb_funcall(rb_cTime, s_utc, 7, year, mon, day, hour, min, sec, LONG2NUM(usec)); + return rb_funcall(rb_cTime, s_utc, 7, year, mon, day, hour, min, sec, rb_float_new(usec)); } } @@ -1,5 +1,5 @@ #define RUBY_VERSION "1.9.2" -#define RUBY_PATCHLEVEL 248 +#define RUBY_PATCHLEVEL 249 #define RUBY_VERSION_MAJOR 1 #define RUBY_VERSION_MINOR 9 #define RUBY_VERSION_TEENY 1 |