diff options
author | naruse <naruse@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2016-03-29 07:44:18 +0000 |
---|---|---|
committer | naruse <naruse@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2016-03-29 07:44:18 +0000 |
commit | 46e7e1f9ffe5428871319718024b4707bc5ce27d (patch) | |
tree | b427115be581ab524ff0b02df3e35e38c092b561 | |
parent | 2f29baf68cd1cd77f91ae83a0015878f9b1cbd31 (diff) |
merge revision(s) 54105,54108,54136,54138: [Backport #12188]
* marshal.c (r_object0): Fix Marshal crash for corrupt extended object.
* marshal.c (r_object0): raise ArgumentError when linking to undefined
object.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@54380 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | ChangeLog | 9 | ||||
-rw-r--r-- | marshal.c | 7 | ||||
-rw-r--r-- | test/ruby/test_marshal.rb | 18 | ||||
-rw-r--r-- | version.h | 2 |
4 files changed, 34 insertions, 2 deletions
@@ -1,3 +1,12 @@ +Tue Mar 29 16:41:27 2016 Eric Hodel <drbrain@segment7.net> + + * marshal.c (r_object0): raise ArgumentError when linking to undefined + object. + +Tue Mar 29 16:41:27 2016 Eric Hodel <drbrain@segment7.net> + + * marshal.c (r_object0): Fix Marshal crash for corrupt extended object. + Tue Mar 29 16:40:48 2016 Eric Wong <e@80x24.org> * ext/openssl/ossl_ssl.c (ossl_sslctx_setup): document as MT-unsafe @@ -1585,6 +1585,7 @@ r_object0(struct load_arg *arg, int *ivp, VALUE extmod) { VALUE path = r_unique(arg); VALUE m = rb_path_to_class(path); + if (NIL_P(extmod)) extmod = rb_ary_tmp_new(0); if (RB_TYPE_P(m, T_CLASS)) { /* prepended */ VALUE c; @@ -1604,7 +1605,6 @@ r_object0(struct load_arg *arg, int *ivp, VALUE extmod) } else { must_be_module(m, path); - if (NIL_P(extmod)) extmod = rb_ary_tmp_new(0); rb_ary_push(extmod, m); v = r_object0(arg, 0, extmod); @@ -1965,6 +1965,11 @@ r_object0(struct load_arg *arg, int *ivp, VALUE extmod) rb_raise(rb_eArgError, "dump format error(0x%x)", type); break; } + + if (v == Qundef) { + rb_raise(rb_eArgError, "dump format error (bad link)"); + } + return v; } diff --git a/test/ruby/test_marshal.rb b/test/ruby/test_marshal.rb index 8377de2155..e2e321bb41 100644 --- a/test/ruby/test_marshal.rb +++ b/test/ruby/test_marshal.rb @@ -718,4 +718,22 @@ class TestMarshal < Test::Unit::TestCase obj = [str, str] assert_equal(['X', 'X'], Marshal.load(Marshal.dump(obj), ->(v) { v == str ? v.upcase : v })) end + + def test_marshal_load_extended_class_crash + crash = "\x04\be:\x0F\x00omparableo:\vObject\x00" + + opt = %w[--disable=gems] + assert_ruby_status(opt, "Marshal.load(#{crash.dump})") + end + + def test_marshal_load_r_prepare_reference_crash + crash = "\x04\bI/\x05\x00\x06:\x06E{\x06@\x05T" + + opt = %w[--disable=gems] + assert_separately(opt, <<-RUBY) + assert_raise_with_message(ArgumentError, /bad link/) do + Marshal.load(#{crash.dump}) + end + RUBY + end end @@ -1,6 +1,6 @@ #define RUBY_VERSION "2.3.0" #define RUBY_RELEASE_DATE "2016-03-29" -#define RUBY_PATCHLEVEL 37 +#define RUBY_PATCHLEVEL 38 #define RUBY_RELEASE_YEAR 2016 #define RUBY_RELEASE_MONTH 3 |