diff options
author | matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2005-07-19 08:25:39 +0000 |
---|---|---|
committer | matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2005-07-19 08:25:39 +0000 |
commit | 5b7e24d744340345c11578911e3f1fa4ab0fb9cc (patch) | |
tree | e91a96aa41166abd1bd8c531fb548999fde63869 /error.c | |
parent | 0a5aab8679ca7d876f064f8fa1633d92a30cc346 (diff) |
* io.c (rb_io_inspect): replace sprintf() with "%s" format all
over the place by snprintf() to avoid integer overflow.
* sample/svr.rb: service can be stopped by ill-behaved client; use
tsvr.rb instead.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@8799 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'error.c')
-rw-r--r-- | error.c | 5 |
1 files changed, 3 insertions, 2 deletions
@@ -907,9 +907,10 @@ syserr_initialize(argc, argv, self) else err = "unknown error"; if (!NIL_P(mesg)) { VALUE str = mesg; + size_t len = strlen(err)+RSTRING(str)->len+3; StringValue(str); - mesg = rb_str_new(0, strlen(err)+RSTRING(str)->len+3); - sprintf(RSTRING(mesg)->ptr, "%s - %.*s", err, + mesg = rb_str_new(0, len); + snprintf(RSTRING(mesg)->ptr, len, "%s - %.*s", err, (int)RSTRING(str)->len, RSTRING(str)->ptr); rb_str_resize(mesg, strlen(RSTRING(mesg)->ptr)); } |