summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authornobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2010-08-05 03:39:19 +0000
committernobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2010-08-05 03:39:19 +0000
commitae824807055802a812a23f19cd1a5086223df11d (patch)
treeabbfe40afb841de24e94965ddd9ca96b58319413
parenta2ebc53ec49b0fe42c3fe91dba13e3400a93ade7 (diff)
* string.c (str_make_independent_expand): fix buffer overflow
while shrinking. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@28863 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r--ChangeLog5
-rw-r--r--string.c3
2 files changed, 7 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 45f11b6..de31339 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+Thu Aug 5 12:39:14 2010 Nobuyoshi Nakada <nobu@ruby-lang.org>
+
+ * string.c (str_make_independent_expand): fix buffer overflow
+ while shrinking.
+
Thu Aug 5 06:42:31 2010 Tanaka Akira <akr@fsij.org>
* file.c (realpath_rec): call rb_str_modify before rb_str_set_len.
diff --git a/string.c b/string.c
index d27c67a..865de57 100644
--- a/string.c
+++ b/string.c
@@ -1271,8 +1271,9 @@ str_make_independent_expand(VALUE str, long expand)
ptr = ALLOC_N(char, len+expand+1);
if (RSTRING_PTR(str)) {
- memcpy(ptr, RSTRING_PTR(str), len);
+ memcpy(ptr, RSTRING_PTR(str), expand < 0 ? len + expand : len);
}
+ len += expand;
STR_SET_NOEMBED(str);
ptr[len] = 0;
RSTRING(str)->as.heap.ptr = ptr;