diff options
author | shyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2008-06-29 09:24:21 +0000 |
---|---|---|
committer | shyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2008-06-29 09:24:21 +0000 |
commit | 526a28d851ba4ec2ab8e5c2321af43cda2dd1d7f (patch) | |
tree | e47d5fa04ffc67fa05384bbd652e93702a87788b | |
parent | 007bfbc9e1be697a73d282111b9dcf5b5c73fa55 (diff) |
merge revision(s) 17570:
* array.c (rb_ary_fill): not depend on unspecified behavior at integer
overflow. reported by Vincenzo Iozzo <snagg AT openssl.it>.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@17688 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | array.c | 4 | ||||
-rw-r--r-- | version.h | 2 |
3 files changed, 8 insertions, 3 deletions
@@ -1,3 +1,8 @@ +Sun Jun 29 18:24:13 2008 Nobuyoshi Nakada <nobu@ruby-lang.org> + + * array.c (rb_ary_fill): not depend on unspecified behavior at integer + overflow. reported by Vincenzo Iozzo <snagg AT openssl.it>. + Sun Jun 29 18:21:23 2008 Masaki Suketa <masaki.suketa@nifty.ne.jp> * ext/win32ole/win32ole.c(ole_invoke): fix memory leak. @@ -2272,10 +2272,10 @@ rb_ary_fill(argc, argv, ary) break; } rb_ary_modify(ary); - end = beg + len; - if (end < 0) { + if (len > ARY_MAX_SIZE - beg) { rb_raise(rb_eArgError, "argument too big"); } + end = beg + len; if (end > RARRAY(ary)->len) { if (end >= RARRAY(ary)->aux.capa) { REALLOC_N(RARRAY(ary)->ptr, VALUE, end); @@ -2,7 +2,7 @@ #define RUBY_RELEASE_DATE "2008-06-29" #define RUBY_VERSION_CODE 186 #define RUBY_RELEASE_CODE 20080629 -#define RUBY_PATCHLEVEL 247 +#define RUBY_PATCHLEVEL 248 #define RUBY_VERSION_MAJOR 1 #define RUBY_VERSION_MINOR 8 |