| author | Nobuyoshi Nakada <nobu@ruby-lang.org> | 2025-10-12 13:50:53 +0900 |
|---|---|---|
| committer | git <svn-admin@ruby-lang.org> | 2025-10-12 04:57:43 +0000 |
| commit | 7cc3191ea1d8cb637e65cd6c2e9229de0e627643 (patch) | |
| tree | d56758e06adc4948b847d68ca039fbc6e12b88ba | |
| parent | 6be2a5104df894079d127d2cdc19b21c4f174d85 (diff) | |
[ruby/erb] Fix integer overflow
Fix https://github.com/ruby/erb/pull/87
https://github.com/ruby/erb/commit/75764f022b
| -rw-r--r-- | ext/erb/escape/escape.c | 4 | ||||
| -rw-r--r-- | test/erb/test_erb.rb | 3 |
2 files changed, 5 insertions, 2 deletions
diff --git a/ext/erb/escape/escape.c b/ext/erb/escape/escape.c
index a46fe236c0..9437e9694e 100644
--- a/ext/erb/escape/escape.c
+++ b/ext/erb/escape/escape.c
@@ -49,7 +49,7 @@ optimized_escape_html(VALUE str)
 const unsigned char c = *cstr++;
 uint8_t len = html_escape_table[c].len;
 if (len) {
- uint16_t segment_len = cstr - segment_start - 1;
+ size_t segment_len = cstr - segment_start - 1;
 if (!buf) {
 buf = ALLOCV_N(char, vbuf, escaped_length(str));
 dest = buf;
@@ -64,7 +64,7 @@ optimized_escape_html(VALUE str)
 }
 }
 if (buf) {
- uint16_t segment_len = cstr - segment_start;
+ size_t segment_len = cstr - segment_start;
 if (segment_len) {
 memcpy(dest, segment_start, segment_len);
 dest += segment_len;
diff --git a/test/erb/test_erb.rb b/test/erb/test_erb.rb
index 24f6cc5d89..c0df690cce 100644
--- a/test/erb/test_erb.rb
+++ b/test/erb/test_erb.rb
@@ -77,6 +77,9 @@ class TestERB < Test::Unit::TestCase
 assert_equal("", ERB::Util.html_escape(nil))
 assert_equal("123", ERB::Util.html_escape(123))
+
+ assert_equal(65536+5, ERB::Util.html_escape("x"*65536 + "&").size)
+ assert_equal(65536+5, ERB::Util.html_escape("&" + "x"*65536).size)
 end
 def test_html_escape_to_s |
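Review bot: Neither `size_t segment_len` declaration (after `if (len) {` in this hunk and inside `if (buf) {` in the hunk at line 64) records why the width matters, so a later cleanup could narrow it again. A comment on each, such as `/* length of an unescaped run; can exceed UINT16_MAX, keep full pointer-difference width */`, would make the constraint explicit. With the old `uint16_t`, a run of 65536 or more plain bytes had its length reduced modulo 65536, so the copy was presumably short rather than out of bounds, which for an HTML escaper means silently dropped output. The subtraction still yields a signed `ptrdiff_t` that is converted to `size_t`, which is safe only while `segment_start` never passes `cstr`. That invariant is maintained outside the lines shown, since `optimized_escape_html` starts and ends outside both hunks, and building with `-Wconversion` would flag narrowings of this kind.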
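Review bot: The two added assertions compare only `.size`, so a result of the right length but with wrong bytes (for example a run copied from the wrong offset) would still pass. Comparing the content pins both the segment copy and the escape: `assert_equal("x"*65536 + "&amp;", ERB::Util.html_escape("x"*65536 + "&"))` and `assert_equal("&amp;" + "x"*65536, ERB::Util.html_escape("&" + "x"*65536))`. A case with 65535 plain bytes next to these would also pin the exact boundary. The enclosing test method starts above the hunk.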
