diff options
author | nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2016-06-15 16:05:04 +0000 |
---|---|---|
committer | nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2016-06-15 16:05:04 +0000 |
commit | e117afcb70719022a362b0ae3433dddc1944def5 (patch) | |
tree | f8f1d9405d63249282888176efb06882746021e7 | |
parent | 13f618f1ed08ebe182c3bf2e4948fd3be2a2be3d (diff) |
merge revision(s) 55054: [Backport #12390]
* string.c (rb_str_modify_expand): check integer overflow.
[ruby-core:75592] [Bug #12390]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@55426 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | string.c | 3 | ||||
-rw-r--r-- | test/-ext-/string/test_modify_expand.rb | 9 | ||||
-rw-r--r-- | version.h | 2 |
4 files changed, 18 insertions, 1 deletions
@@ -1,3 +1,8 @@ +Thu Jun 16 00:42:56 2016 Nobuyoshi Nakada <nobu@ruby-lang.org> + + * string.c (rb_str_modify_expand): check integer overflow. + [ruby-core:75592] [Bug #12390] + Thu Jun 16 00:29:29 2016 Nobuyoshi Nakada <nobu@ruby-lang.org> * vm_insnhelper.c (vm_get_ev_const): warn deprecated constant even @@ -1820,6 +1820,9 @@ rb_str_modify_expand(VALUE str, long expand) else if (expand > 0) { long len = RSTRING_LEN(str); long capa = len + expand; + if (expand >= LONG_MAX - len - termlen) { + rb_raise(rb_eArgError, "string size too big"); + } if (!STR_EMBED_P(str)) { REALLOC_N(RSTRING(str)->as.heap.ptr, char, capa + termlen); RSTRING(str)->as.heap.aux.capa = capa; diff --git a/test/-ext-/string/test_modify_expand.rb b/test/-ext-/string/test_modify_expand.rb index 5eb7a02b91..d3f5a17037 100644 --- a/test/-ext-/string/test_modify_expand.rb +++ b/test/-ext-/string/test_modify_expand.rb @@ -13,4 +13,13 @@ class Test_StringModifyExpand < Test::Unit::TestCase s.replace("") CMD end + + def test_integer_overflow + bug12390 = '[ruby-core:75592] [Bug #12390]' + s = Bug::String.new + long_max = (1 << (8 * RbConfig::SIZEOF['long'] - 1)) - 1 + assert_raise(ArgumentError, bug12390) { + s.modify_expand!(long_max) + } + end end @@ -1,6 +1,6 @@ #define RUBY_VERSION "2.3.2" #define RUBY_RELEASE_DATE "2016-06-16" -#define RUBY_PATCHLEVEL 131 +#define RUBY_PATCHLEVEL 132 #define RUBY_RELEASE_YEAR 2016 #define RUBY_RELEASE_MONTH 6 |