authornagachika <nagachika@ruby-lang.org>2021-11-24 20:12:15 +0900
committernagachika <nagachika@ruby-lang.org>2021-11-24 20:12:15 +0900
commit3fb7d2cadc18472ec107b14234933b017a33c14d (patch)
treeac6356f874ec593962c139d4082e7944d21cc5d4 /ext/cgi/escape/escape.c
parent02dfd5a7100841f61ba0bc976339d0ad7c76437f (diff)
Fix integer overflowv3_0_3
Make use of the check in rb_alloc_tmp_buffer2. https://hackerone.com/reports/1328463 When parsing cookies, only decode the values Bump version Co-authored-by: Nobuyoshi Nakada <nobu@ruby-lang.org> Co-authored-by: Yusuke Endoh <mame@ruby-lang.org>
Diffstat (limited to 'ext/cgi/escape/escape.c')
-rw-r--r--ext/cgi/escape/escape.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/ext/cgi/escape/escape.c b/ext/cgi/escape/escape.c
index 77627e2f03..d001eacd90 100644
--- a/ext/cgi/escape/escape.c
+++ b/ext/cgi/escape/escape.c
@@ -36,7 +36,8 @@ static VALUE
optimized_escape_html(VALUE str)
{
VALUE vbuf;
- char *buf = ALLOCV_N(char, vbuf, RSTRING_LEN(str) * HTML_ESCAPE_MAX_LEN);
+ typedef char escape_buf[HTML_ESCAPE_MAX_LEN];
+ char *buf = *ALLOCV_N(escape_buf, vbuf, RSTRING_LEN(str));
const char *cstr = RSTRING_PTR(str);
const char *end = cstr + RSTRING_LEN(str);
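Review bot: The typedef on the two added lines needs a comment, because nothing at the call site says why the buffer is allocated as an array of `escape_buf` and then dereferenced to a `char *`. The element type is what moves the `RSTRING_LEN(str) * HTML_ESCAPE_MAX_LEN` multiplication out of this expression and into the allocator, where (per the commit message) rb_alloc_tmp_buffer2 checks it; a later cleanup that folds it back to `ALLOCV_N(char, vbuf, len * HTML_ESCAPE_MAX_LEN)` would silently reintroduce the wrap-around and an undersized buffer. I would add above the typedef: `/* one HTML_ESCAPE_MAX_LEN-byte slot per input byte, so ALLOCV_N does the count * size multiply and can reject overflow */`. The body of optimized_escape_html continues outside the hunk, so the writes into `buf` are not visible here.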