diff options
author | nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2019-03-12 22:01:32 +0000 |
---|---|---|
committer | nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2019-03-12 22:01:32 +0000 |
commit | b828c95bcac62b96adb64b602fa51cbd1c00b342 (patch) | |
tree | 9a959655f0cba92535326e53aa907758bfbbfc2d /lib/net/http.rb | |
parent | 7244db9da3a02fc5577200ad67a2e132b4a41f26 (diff) |
merge revision(s) 66832: [Backport #15536]
st.c (rb_hash_bulk_insert_into_st_table): avoid out-of-bounds write
"hash_bulk_insert" first expands the table, but the target size was
wrong: it was calculated by "num_entries + (size to buld insert)", but
it was wrong when "num_entries < entries_bound", i.e., it has a deleted
entry. "hash_bulk_insert" adds the given entries from entries_bound,
which led to out-of-bounds write access. [Bug #15536]
As a simple fix, this commit changes the calculation to "entries_bound +
size". I'm afraid if this might be inefficient, but I think it is safe
anyway.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@67236 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'lib/net/http.rb')
0 files changed, 0 insertions, 0 deletions