summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authornobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2008-06-20 06:42:07 +0000
committernobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2008-06-20 06:42:07 +0000
commite1a45b10b6165c8fec505180a52c4ce58fb21e91 (patch)
treea957464b0296925ad853bef9e9ed67a612ae9774
parent72dd5fdc47e1ec78055cd4028b032ea62d50d8c9 (diff)
* array.c (rb_ary_store, rb_ary_splice): not depend on unspecified
behavior at integer overflow. * string.c (str_buf_cat): ditto. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@17472 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r--array.c6
-rw-r--r--string.c70
2 files changed, 30 insertions, 46 deletions
diff --git a/array.c b/array.c
index 46fd050..783e5a5 100644
--- a/array.c
+++ b/array.c
@@ -383,7 +383,7 @@ rb_ary_store(VALUE ary, long idx, VALUE val)
if (new_capa < ARY_DEFAULT_SIZE) {
new_capa = ARY_DEFAULT_SIZE;
}
- else if (new_capa >= ARY_MAX_SIZE - idx) {
+ if (new_capa >= ARY_MAX_SIZE - idx) {
new_capa = (ARY_MAX_SIZE - idx) / 2;
}
new_capa += idx;
@@ -986,10 +986,10 @@ rb_ary_splice(VALUE ary, long beg, long len, VALUE rpl)
}
rb_ary_modify(ary);
if (beg >= RARRAY_LEN(ary)) {
- len = beg + rlen;
- if (len < 0 || len > ARY_MAX_SIZE) {
+ if (beg > ARY_MAX_SIZE - rlen) {
rb_raise(rb_eIndexError, "index %ld too big", beg);
}
+ len = beg + rlen;
if (len >= ARY_CAPA(ary)) {
RESIZE_CAPA(ary, len);
}
diff --git a/string.c b/string.c
index c683fa1..3014359 100644
--- a/string.c
+++ b/string.c
@@ -1394,16 +1394,16 @@ rb_str_resize(VALUE str, long len)
return str;
}
-VALUE
-rb_str_buf_cat(VALUE str, const char *ptr, long len)
+static long
+str_buf_cat(VALUE str, const char *ptr, long len)
{
- long capa, total;
+ long capa, total, off = -1;
- if (len == 0) return str;
- if (len < 0) {
- rb_raise(rb_eArgError, "negative string size (or size too big)");
+ if (ptr >= RSTRING_PTR(str) && ptr <= RSTRING_END(str)) {
+ off = ptr - RSTRING_PTR(str);
}
rb_str_modify(str);
+ if (len == 0) return 0;
if (STR_ASSOC_P(str)) {
FL_UNSET(str, STR_ASSOC);
capa = RSTRING(str)->as.heap.aux.capa = RSTRING_LEN(str);
@@ -1414,13 +1414,23 @@ rb_str_buf_cat(VALUE str, const char *ptr, long len)
else {
capa = RSTRING(str)->as.heap.aux.capa;
}
+ if (RSTRING_LEN(str) >= LONG_MAX - len) {
+ rb_raise(rb_eArgError, "string sizes too big");
+ }
total = RSTRING_LEN(str)+len;
if (capa <= total) {
while (total > capa) {
+ if (capa + 1 >= LONG_MAX / 2) {
+ capa = (total + 4095) / 4096;
+ break;
+ }
capa = (capa + 1) * 2;
}
RESIZE_CAPA(str, capa);
}
+ if (off != -1) {
+ ptr = RSTRING_PTR(str) + off;
+ }
memcpy(RSTRING_PTR(str) + RSTRING_LEN(str), ptr, len);
STR_SET_LEN(str, total);
RSTRING_PTR(str)[total] = '\0'; /* sentinel */
@@ -1429,6 +1439,16 @@ rb_str_buf_cat(VALUE str, const char *ptr, long len)
}
VALUE
+rb_str_buf_cat(VALUE str, const char *ptr, long len)
+{
+ if (len == 0) return str;
+ if (len < 0) {
+ rb_raise(rb_eArgError, "negative string size (or size too big)");
+ }
+ return str_buf_cat(str, ptr, len);
+}
+
+VALUE
rb_str_buf_cat2(VALUE str, const char *ptr)
{
return rb_str_buf_cat(str, ptr, strlen(ptr));
@@ -1463,8 +1483,6 @@ static VALUE
rb_enc_cr_str_buf_cat(VALUE str, const char *ptr, long len,
int ptr_encindex, int ptr_cr, int *ptr_cr_ret)
{
- long capa, total, off = -1;
-
int str_encindex = ENCODING_GET(str);
int res_encindex;
int str_cr, res_cr;
@@ -1543,41 +1561,7 @@ rb_enc_cr_str_buf_cat(VALUE str, const char *ptr, long len,
if (len < 0) {
rb_raise(rb_eArgError, "negative string size (or size too big)");
}
- if (ptr >= RSTRING_PTR(str) && ptr <= RSTRING_END(str)) {
- off = ptr - RSTRING_PTR(str);
- }
- rb_str_modify(str);
- if (len == 0) {
- ENCODING_CODERANGE_SET(str, res_encindex, res_cr);
- return str;
- }
- if (STR_ASSOC_P(str)) {
- FL_UNSET(str, STR_ASSOC);
- capa = RSTRING(str)->as.heap.aux.capa = RSTRING_LEN(str);
- }
- else if (STR_EMBED_P(str)) {
- capa = RSTRING_EMBED_LEN_MAX;
- }
- else {
- capa = RSTRING(str)->as.heap.aux.capa;
- }
- total = RSTRING_LEN(str)+len;
- if (total < 0 || capa + 1 > LONG_MAX / 2) {
- rb_raise(rb_eArgError, "string sizes too big");
- }
- if (capa <= total) {
- while (total > capa) {
- capa = (capa + 1) * 2;
- }
- RESIZE_CAPA(str, capa);
- }
- if (off != -1) {
- ptr = RSTRING_PTR(str) + off;
- }
- memcpy(RSTRING_PTR(str) + RSTRING_LEN(str), ptr, len);
- STR_SET_LEN(str, total);
- RSTRING_PTR(str)[total] = '\0'; /* sentinel */
-
+ str_buf_cat(str, ptr, len);
ENCODING_CODERANGE_SET(str, res_encindex, res_cr);
return str;
}