* ext/syck/syck.c (syck_move_tokens): should reset p->cursor or etc

even if skip == 0. This causes buffer overrun. (ex: YAML.load('--- "..' + '\x82\xA0' * 511 + '"')) git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@9878 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
author: ocean <ocean@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2006-02-03 06:11:13 +0000
committer: ocean <ocean@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2006-02-03 06:11:13 +0000
commit: e5e2253fbbfc436770b75acc0d9d1001120fee6a (patch)
tree: d56e50972c87518412b212784274726b580bdb3d
parent: 2debdd1063bcf46190ad263e4e73794e975285c7 (diff)
2 files changed, 6 insertions, 3 deletions
diff --git a/ChangeLog b/ChangeLog
index d5b31a99f2..18a92b7fd5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+Fri Feb  3 15:06:50 2006  Hirokazu Yamamoto  <ocean@m2.ccsnet.ne.jp>
+
+	* ext/syck/syck.c (syck_move_tokens): should reset p->cursor or etc
+	  even if skip == 0. This causes buffer overrun.
+	  (ex: YAML.load('--- "..' + '\x82\xA0' * 511 + '"'))
+
 Thu Feb  2 23:51:18 2006  Hirokazu Yamamoto  <ocean@m2.ccsnet.ne.jp>
 
 	* ext/syck/emitter.c (syck_emitter_write): should not set '\0' on
diff --git a/ext/syck/syck.c b/ext/syck/syck.c
index 33f9bf23e8..24a56a5e48 100644
--- a/ext/syck/syck.c
+++ b/ext/syck/syck.c
@@ -410,9 +410,6 @@ syck_move_tokens( SyckParser *p )
         return 0;
 
     skip = p->limit - p->token;
-    if ( skip < 1 )
-        return 0;
-
     if ( ( count = p->token - p->buffer ) )
     {
         S_MEMMOVE( p->buffer, p->token, char, skip );
author	ocean <ocean@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2006-02-03 06:11:13 +0000
committer	ocean <ocean@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2006-02-03 06:11:13 +0000
commit	e5e2253fbbfc436770b75acc0d9d1001120fee6a (patch)
tree	d56e50972c87518412b212784274726b580bdb3d
parent	2debdd1063bcf46190ad263e4e73794e975285c7 (diff)