author | NAKAMURA Usaku <usa@ruby-lang.org> | 2021-11-24 20:21:17 +0900 |
---|---|---|
committer | NAKAMURA Usaku <usa@ruby-lang.org> | 2021-11-24 20:21:17 +0900 |
commit | f69aeb83146be640995753667fdd6c6f157527f5 (patch) | |
tree | c1c61407f77b0f3ef859d3d46b77bdb5e361a549 /ext/cgi/escape/escape.c | |
parent | b1985629565c3c54b1a64d6faf213e8144857515 (diff) |
merge some parts of CGI 0.1.1v2_7_5
Fix integer overflow
Make use of the check in rb_alloc_tmp_buffer2.
When parsing cookies, only decode the values
Bump version
Diffstat (limited to 'ext/cgi/escape/escape.c')
-rw-r--r-- | ext/cgi/escape/escape.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/ext/cgi/escape/escape.c b/ext/cgi/escape/escape.c
index 47188819cd..feedea34c8 100644
--- a/ext/cgi/escape/escape.c
+++ b/ext/cgi/escape/escape.c
@@ -36,7 +36,8 @@ static VALUE
 optimized_escape_html(VALUE str)
 {
 VALUE vbuf;
- char *buf = ALLOCV_N(char, vbuf, RSTRING_LEN(str) * HTML_ESCAPE_MAX_LEN);
+ typedef char escape_buf[HTML_ESCAPE_MAX_LEN];
+ char *buf = *ALLOCV_N(escape_buf, vbuf, RSTRING_LEN(str));
 const char *cstr = RSTRING_PTR(str);
 const char *end = cstr + RSTRING_LEN(str); |
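Review bot: The added `typedef char escape_buf[HTML_ESCAPE_MAX_LEN];` and the dereferenced `*ALLOCV_N(escape_buf, vbuf, RSTRING_LEN(str))` carry the whole overflow fix but have no comment, so the idiom reads like an oddity that a later cleanup could fold back into `RSTRING_LEN(str) * HTML_ESCAPE_MAX_LEN`. I would add above the typedef: `/* one element = one worst-case escape slot, so ALLOCV_N multiplies count by size itself and its overflow check applies; do not multiply by hand */`. Per the commit message that check lives in rb_alloc_tmp_buffer2, which is not visible on this page, so the comment should name it for the next reader to verify. The body of optimized_escape_html continues past the hunk, so whether each write into `buf` stays within HTML_ESCAPE_MAX_LEN bytes per input byte cannot be confirmed from here.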