author | Alan Wu <XrXr@users.noreply.github.com> | 2020-04-12 15:19:06 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-04-12 15:19:06 -0400 |
commit | 82fdffc5ec0ecffc2e49128775d7c09ed43ba59d (patch) | |
tree | 9095f4918dd132171ea875b75bfdfa26b0fe2803 | |
parent | f2c3848a5bf2bec0b27a6035c4b7399594c32509 (diff) |
Avoid UB with flexible array member
Accessing past the end of an array is technically UB. Use C99 flexible
array member instead to avoid the UB and simplify allocation size
calculation.
See also: DCL38-C in the SEI CERT C Coding Standard
Notes
Notes:
Merged: https://github.com/ruby/ruby/pull/3017
Merged-By: XrXr
-rw-r--r-- | compile.c | 4 | ||||
-rw-r--r-- | vm_callinfo.h | 4 |
2 files changed, 4 insertions, 4 deletions
@@ -3951,7 +3951,7 @@ compile_keyword_arg(rb_iseq_t *iseq, LINK_ANCHOR *const ret,
  {
  int len = (int)node->nd_alen / 2;
  struct rb_callinfo_kwarg *kw_arg =
- rb_xmalloc_mul_add(len - 1, sizeof(VALUE), sizeof(struct rb_callinfo_kwarg));
+ rb_xmalloc_mul_add(len, sizeof(VALUE), sizeof(struct rb_callinfo_kwarg));
  VALUE *keywords = kw_arg->keywords;
  int i = 0;
  kw_arg->keyword_len = len;
@@ -10394,7 +10394,7 @@ ibf_load_ci_entries(const struct ibf_load *load,
  struct rb_callinfo_kwarg *kwarg = NULL;
  int kwlen = (int)ibf_load_small_value(load, &reading_pos);
  if (kwlen > 0) {
- kwarg = rb_xmalloc_mul_add(kwlen - 1, sizeof(VALUE), sizeof(struct rb_callinfo_kwarg));;
+ kwarg = rb_xmalloc_mul_add(kwlen, sizeof(VALUE), sizeof(struct rb_callinfo_kwarg));
  kwarg->keyword_len = kwlen;
  for (int j=0; j<kwlen; j++) {
  VALUE keyword = ibf_load_small_value(load, &reading_pos);
diff --git a/vm_callinfo.h b/vm_callinfo.h
index 013811d15e..b3de14dcab 100644
--- a/vm_callinfo.h
+++ b/vm_callinfo.h
@@ -33,14 +33,14 @@ enum vm_call_flag_bits {
  struct rb_callinfo_kwarg {
  int keyword_len;
- VALUE keywords[1];
+ VALUE keywords[];
  };
  static inline size_t rb_callinfo_kwarg_bytes(int keyword_len)
  {
  return rb_size_mul_add_or_raise(
- keyword_len - 1,
+ keyword_len,
  sizeof(VALUE),
  sizeof(struct rb_callinfo_kwarg),
  rb_eRuntimeError); |
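Review bot: The allocation size in compile_keyword_arg is still spelled out by hand at the call site, and the same expression is repeated in the ibf_load_ci_entries hunk, although vm_callinfo.h already provides `rb_callinfo_kwarg_bytes()` for exactly this layout. This commit had to change all three places in lockstep; a site left at `len - 1` would now be one VALUE short, and the keyword fill that presumably follows would write past the allocation. Sizing through the helper, for example `kw_arg = xmalloc(rb_callinfo_kwarg_bytes(len));`, keeps the element count and the struct layout in one place (the helper raises rb_eRuntimeError on overflow, which may differ from what rb_xmalloc_mul_add raises). The function body starts and ends outside the hunk.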
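Review bot: `kwlen` in ibf_load_ci_entries comes from the serialized stream through an `(int)` cast and is only checked for `> 0` before it sizes the allocation and bounds the `j<kwlen` loop. rb_xmalloc_mul_add presumably guards the multiplication against overflow, but nothing visible here ties kwlen to the amount of input that is left, so a corrupt dump can request a very large allocation before any read fails. If binary iseqs can ever come from outside the process's trust boundary, reject a kwlen larger than the remaining input could hold before allocating; until then a comment such as `/* kwlen is read from the dump and not checked against the remaining size */` would make the assumption explicit. The loop and the rest of the function continue outside the hunk.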
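Review bot: Turning `keywords` into a flexible array member means `sizeof(struct rb_callinfo_kwarg)` no longer includes the first element, and the struct carries no comment that tells callers so. Any allocation, copy or memsize computation outside this diff that still adds `(n - 1) * sizeof(VALUE)` to the struct size would silently come up one VALUE short, so the remaining users of the struct are worth a grep before merging. A comment above the member would pin the invariant: `/* keyword_len entries follow; size with rb_callinfo_kwarg_bytes() */`. Separately, `keyword_len` is a signed int passed into the size helper; a note on the expected range (or an explicit `keyword_len < 0` rejection) would document what happens for a negative value.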