summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authornobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2015-12-13 09:23:36 +0000
committernobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2015-12-13 09:23:36 +0000
commitb2d3c6a86fdde1df115a039aaed49fa11cc03a9f (patch)
treed2dc18fc152dadbc6c43a86c9bd25575881c0584
parent739d9a37cb03f01dc92b9e4f401e6cd83b6e1ab8 (diff)
tkutil.c: check args
* ext/tk/tkutil/tkutil.c (cbsubst_table_setup): check types of argument elements. reported by Marcin 'Icewall' Noga of Cisco Talos. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53075 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r--ChangeLog6
-rw-r--r--ext/tk/tkutil/tkutil.c27
2 files changed, 24 insertions, 9 deletions
diff --git a/ChangeLog b/ChangeLog
index 19174af..cc8f423 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+Sun Dec 13 18:23:37 2015 Nobuyoshi Nakada <nobu@ruby-lang.org>
+
+ * ext/tk/tkutil/tkutil.c (cbsubst_table_setup): check types of
+ argument elements. reported by Marcin 'Icewall' Noga of Cisco
+ Talos.
+
Sun Dec 13 18:19:20 2015 Nobuyoshi Nakada <nobu@ruby-lang.org>
* ext/win32ole/win32ole.c (ole_vstr2wc): check argument type, vstr
diff --git a/ext/tk/tkutil/tkutil.c b/ext/tk/tkutil/tkutil.c
index 7dbbc0d..adc14c0 100644
--- a/ext/tk/tkutil/tkutil.c
+++ b/ext/tk/tkutil/tkutil.c
@@ -1564,7 +1564,7 @@ cbsubst_table_setup(argc, argv, self)
volatile VALUE key_inf;
volatile VALUE longkey_inf;
volatile VALUE proc_inf;
- VALUE inf;
+ VALUE inf, subst, name, type, ivar, proc;
const VALUE *infp;
ID id;
struct cbsubst_info *subst_inf;
@@ -1598,14 +1598,18 @@ cbsubst_table_setup(argc, argv, self)
for(idx = 0; idx < len; idx++) {
inf = RARRAY_AREF(key_inf, idx);
if (!RB_TYPE_P(inf, T_ARRAY)) continue;
+ if (RARRAY_LEN(inf) < 3) continue;
infp = RARRAY_CONST_PTR(inf);
+ subst = infp[0];
+ type = infp[1];
+ ivar = infp[2];
- chr = NUM2CHR(infp[0]);
- subst_inf->type[chr] = NUM2CHR(infp[1]);
+ chr = NUM2CHR(subst);
+ subst_inf->type[chr] = NUM2CHR(type);
subst_inf->full_subst_length += 3;
- id = SYM2ID(infp[2]);
+ id = SYM2ID(ivar);
subst_inf->ivar[chr] = rb_intern_str(rb_sprintf("@%"PRIsVALUE, rb_id2str(id)));
rb_attr(self, id, 1, 0, Qtrue);
@@ -1622,17 +1626,22 @@ cbsubst_table_setup(argc, argv, self)
for(idx = 0; idx < len; idx++) {
inf = RARRAY_AREF(longkey_inf, idx);
if (!RB_TYPE_P(inf, T_ARRAY)) continue;
+ if (RARRAY_LEN(inf) < 3) continue;
infp = RARRAY_CONST_PTR(inf);
+ name = infp[0];
+ type = infp[1];
+ ivar = infp[2];
+ Check_Type(name, T_STRING);
chr = (unsigned char)(0x80 + idx);
- subst_inf->keylen[chr] = RSTRING_LEN(infp[0]);
- subst_inf->key[chr] = strndup(RSTRING_PTR(infp[0]),
- RSTRING_LEN(infp[0]));
- subst_inf->type[chr] = NUM2CHR(infp[1]);
+ subst_inf->keylen[chr] = RSTRING_LEN(name);
+ subst_inf->key[chr] = strndup(RSTRING_PTR(name),
+ RSTRING_LEN(name));
+ subst_inf->type[chr] = NUM2CHR(type);
subst_inf->full_subst_length += (subst_inf->keylen[chr] + 2);
- id = SYM2ID(infp[2]);
+ id = SYM2ID(ivar);
subst_inf->ivar[chr] = rb_intern_str(rb_sprintf("@%"PRIsVALUE, rb_id2str(id)));
rb_attr(self, id, 1, 0, Qtrue);