diff options
author | akr <akr@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2008-09-04 15:06:34 +0000 |
---|---|---|
committer | akr <akr@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2008-09-04 15:06:34 +0000 |
commit | 40c771fd45eb7b3fd5c024bae65990faa24ddf46 (patch) | |
tree | 4a8367c34f0f3e1110a2ffc502aacaa4bfab4348 | |
parent | d44ee210fae276001993207b99c30d6d155dae34 (diff) |
* pack.c (encodes): make buff fixed length to avoid SEGV by
ruby -e '["a"*10000000].pack("m1000000000")'
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@19139 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | pack.c | 21 |
2 files changed, 19 insertions, 7 deletions
@@ -1,3 +1,8 @@ +Fri Sep 5 00:05:27 2008 Tanaka Akira <akr@fsij.org> + + * pack.c (encodes): make buff fixed length to avoid SEGV by + ruby -e '["a"*10000000].pack("m1000000000")' + Thu Sep 4 23:47:05 2008 Yusuke Endoh <mame@tsg.ne.jp> * ext/bigdecimal/bigdecimal.c (BigDecimal_mode): set exception mode @@ -1009,7 +1009,7 @@ static const char b64_table[] = static void encodes(VALUE str, const char *s, long len, int type) { - char *buff = ALLOCA_N(char, len * 4 / 3 + 6); + char buff[4096]; long i = 0; const char *trans = type == 'u' ? uu_table : b64_table; int padding; @@ -1022,13 +1022,20 @@ encodes(VALUE str, const char *s, long len, int type) padding = '='; } while (len >= 3) { - buff[i++] = trans[077 & (*s >> 2)]; - buff[i++] = trans[077 & (((*s << 4) & 060) | ((s[1] >> 4) & 017))]; - buff[i++] = trans[077 & (((s[1] << 2) & 074) | ((s[2] >> 6) & 03))]; - buff[i++] = trans[077 & s[2]]; - s += 3; - len -= 3; + while (len >= 3 && sizeof(buff)-i >= 4) { + buff[i++] = trans[077 & (*s >> 2)]; + buff[i++] = trans[077 & (((*s << 4) & 060) | ((s[1] >> 4) & 017))]; + buff[i++] = trans[077 & (((s[1] << 2) & 074) | ((s[2] >> 6) & 03))]; + buff[i++] = trans[077 & s[2]]; + s += 3; + len -= 3; + } + if (sizeof(buff)-i < 4) { + rb_str_buf_cat(str, buff, i); + i = 0; + } } + if (len == 2) { buff[i++] = trans[077 & (*s >> 2)]; buff[i++] = trans[077 & (((*s << 4) & 060) | ((s[1] >> 4) & 017))]; |