diff options
author | nagachika <nagachika@ruby-lang.org> | 2022-03-12 16:36:40 +0900 |
---|---|---|
committer | nagachika <nagachika@ruby-lang.org> | 2022-03-12 16:36:40 +0900 |
commit | bac99c5175bf58815846f9987093a6d944d07fd3 (patch) | |
tree | c24d147333dd518828db4a58ccdb20395945ea65 /include | |
parent | 7c0537906314f0c2a317b37661ccdec8dddc6277 (diff) |
merge revision(s) bcc2bb28b04054106f4a36e8fd69b2af6ecb033a: [Backport #18500]
Fix stack buffer overflow
https://hackerone.com/reports/1306859
---
include/ruby/internal/memory.h | 6 +++---
random.c | 7 ++-----
2 files changed, 5 insertions(+), 8 deletions(-)
Diffstat (limited to 'include')
-rw-r--r-- | include/ruby/internal/memory.h | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/include/ruby/internal/memory.h b/include/ruby/internal/memory.h index 7d24df4945..64f3101fc2 100644 --- a/include/ruby/internal/memory.h +++ b/include/ruby/internal/memory.h @@ -110,18 +110,18 @@ extern void *alloca(); ((var) = RBIMPL_CAST((type *)ruby_xrealloc2((void *)(var), (n), sizeof(type)))) #define ALLOCA_N(type,n) \ - RBIMPL_CAST((type *)alloca(rbimpl_size_mul_or_raise(sizeof(type), (n)))) + RBIMPL_CAST((type *)(!(n) ? NULL : alloca(rbimpl_size_mul_or_raise(sizeof(type), (n))))) /* allocates _n_ bytes temporary buffer and stores VALUE including it * in _v_. _n_ may be evaluated twice. */ #define RB_ALLOCV(v, n) \ ((n) < RUBY_ALLOCV_LIMIT ? \ - ((v) = 0, alloca(n)) : \ + ((v) = 0, !(n) ? NULL : alloca(n)) : \ rb_alloc_tmp_buffer(&(v), (n))) #define RB_ALLOCV_N(type, v, n) \ RBIMPL_CAST((type *) \ (((size_t)(n) < RUBY_ALLOCV_LIMIT / sizeof(type)) ? \ - ((v) = 0, alloca((n) * sizeof(type))) : \ + ((v) = 0, !(n) ? NULL : alloca((n) * sizeof(type))) : \ rb_alloc_tmp_buffer2(&(v), (n), sizeof(type)))) #define RB_ALLOCV_END(v) rb_free_tmp_buffer(&(v)) |