author | matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2005-07-19 08:25:39 +0000 |
---|---|---|
committer | matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2005-07-19 08:25:39 +0000 |
commit | 5b7e24d744340345c11578911e3f1fa4ab0fb9cc (patch) | |
tree | e91a96aa41166abd1bd8c531fb548999fde63869 /eval.c | |
parent | 0a5aab8679ca7d876f064f8fa1633d92a30cc346 (diff) |
* io.c (rb_io_inspect): replace sprintf() with "%s" format all
over the place by snprintf() to avoid integer overflow.
* sample/svr.rb: service can be stopped by ill-behaved client; use
tsvr.rb instead.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@8799 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'eval.c')
-rw-r--r-- | eval.c | 19 |
1 files changed, 12 insertions, 7 deletions
@@ -650,6 +650,7 @@ rb_attr(klass, id, read, write, ex)
 char *buf;
 ID attriv;
 int noex;
+ size_t len;
 if (!ex) noex = NOEX_PUBLIC;
 else {
@@ -674,8 +675,9 @@ rb_attr(klass, id, read, write, ex)
 if (!name) {
 rb_raise(rb_eArgError, "argument needs to be symbol or string");
 }
- buf = ALLOCA_N(char,strlen(name)+2);
- sprintf(buf, "@%s", name);
+ len = strlen(name)+2;
+ buf = ALLOCA_N(char,len);
+ snprintf(buf, len, "@%s", name);
 attriv = rb_intern(buf);
 if (read) {
 rb_add_method(klass, id, NEW_IVAR(attriv), noex);
@@ -8508,12 +8510,14 @@ proc_to_s(self)
 if ((node = data->frame.node) || (node = data->body)) {
 len += strlen(node->nd_file) + 2 + (SIZEOF_LONG*CHAR_BIT-NODE_LSHIFT)/3;
 str = rb_str_new(0, len);
- sprintf(RSTRING(str)->ptr, "#<%s:0x%.*lx@%s:%d>", cname, w, (VALUE)data->body,
- node->nd_file, nd_line(node));
+ snprintf(RSTRING(str)->ptr, len,
+ "#<%s:0x%.*lx@%s:%d>", cname, w, (VALUE)data->body,
+ node->nd_file, nd_line(node));
 }
 else {
 str = rb_str_new(0, len);
- sprintf(RSTRING(str)->ptr, "#<%s:0x%.*lx>", cname, w, (VALUE)data->body);
+ snprintf(RSTRING(str)->ptr, len,
+ "#<%s:0x%.*lx>", cname, w, (VALUE)data->body);
 }
 RSTRING(str)->len = strlen(RSTRING(str)->ptr);
 if (OBJ_TAINTED(self)) OBJ_TAINT(str);
@@ -12262,9 +12266,10 @@ rb_thread_inspect(thread)
 rb_thread_t th = rb_thread_check(thread);
 const char *status = thread_status_name(th->status);
 VALUE str;
+ size_t len = strlen(cname)+7+16+9+1;
- str = rb_str_new(0, strlen(cname)+7+16+9+1); /* 7:tags 16:addr 9:status 1:nul */
- sprintf(RSTRING(str)->ptr, "#<%s:0x%lx %s>", cname, thread, status);
+ str = rb_str_new(0, len); /* 7:tags 16:addr 9:status 1:nul */
+ snprintf(RSTRING(str)->ptr, len, "#<%s:0x%lx %s>", cname, thread, status);
 RSTRING(str)->len = strlen(RSTRING(str)->ptr);
 OBJ_INFECT(str, thread); |
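Review bot: `buf = ALLOCA_N(char,len);` in rb_attr still sizes a stack allocation directly from `strlen(name)`, and nothing in this hunk caps that length. The snprintf bound is exact, so truncation cannot happen here, but if `name` can derive from a caller-supplied symbol (its origin is above the hunk, so this is inferred), a very long attribute name would exhaust the stack instead of raising. A length check before the allocation would close that, e.g. `if (len > ATTR_NAME_LIMIT) rb_raise(rb_eArgError, "attribute name too long");`, where `ATTR_NAME_LIMIT` is a placeholder for a limit the project would choose. rb_attr's body begins and ends outside the hunk.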
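Review bot: Both new snprintf calls in proc_to_s discard the return value, so if the `len` estimate (built up above the hunk) is ever too small, the inspect string is silently cut short and the following `RSTRING(str)->len = strlen(RSTRING(str)->ptr);` just records the shortened text. Capturing the result makes an undersized estimate visible and avoids the rescan: `n = snprintf(RSTRING(str)->ptr, len, ...);` followed by a check that `n >= 0 && n < len` before `RSTRING(str)->len = n;`. The declaration of `len` is not visible here; if it is a signed type, it is worth confirming it cannot be negative, since it is converted to `size_t` as the bound. The same unchecked-return pattern applies to the snprintf in the rb_thread_inspect hunk.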
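Review bot: The budget in `size_t len = strlen(cname)+7+16+9+1;` hard-codes 9 bytes for `status` and 16 hex digits for the address, so a status name longer than nine characters would now be truncated by snprintf, dropping the closing `>`, rather than sized correctly. Deriving the size from the string itself keeps the bound and the content in step: `size_t len = strlen(cname)+strlen(status)+7+16+1;`. The `/* 7:tags 16:addr 9:status 1:nul */` comment stayed on the `rb_str_new` line while the numbers moved to the declaration, so it should move with them. The set of values thread_status_name can return is outside the hunk.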