summaryrefslogtreecommitdiff
path: root/pack.c
diff options
context:
space:
mode:
authornobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2014-07-11 01:09:05 (GMT)
committernobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2014-07-11 01:09:05 (GMT)
commit8a608d2b1f6f0f6422d456255f85bf436fa036e5 (patch)
tree166cd2faebf8fc9582e143ded775a9cba004fe9c /pack.c
parent70451a56edfac7cb226a5401f05cad0fab4c2f7c (diff)
pack.c: fix buffer overrun
* pack.c (encodes): fix buffer overrun by tail_lf. Thanks to Mamoru Tasaka and Tomas Hoger. [ruby-core:63604] [Bug #10019] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@46778 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'pack.c')
-rw-r--r--pack.c8
1 files changed, 5 insertions, 3 deletions
diff --git a/pack.c b/pack.c
index a93f7dd..80ffef5 100644
--- a/pack.c
+++ b/pack.c
@@ -945,7 +945,8 @@ static const char b64_table[] =
static void
encodes(VALUE str, const char *s, long len, int type, int tail_lf)
{
- char buff[4096];
+ enum {buff_size = 4096, encoded_unit = 4};
+ char buff[buff_size + 1]; /* +1 for tail_lf */
long i = 0;
const char *trans = type == 'u' ? uu_table : b64_table;
char padding;
@@ -958,7 +959,7 @@ encodes(VALUE str, const char *s, long len, int type, int tail_lf)
padding = '=';
}
while (len >= 3) {
- while (len >= 3 && sizeof(buff)-i >= 4) {
+ while (len >= 3 && buff_size-i >= encoded_unit) {
buff[i++] = trans[077 & (*s >> 2)];
buff[i++] = trans[077 & (((*s << 4) & 060) | ((s[1] >> 4) & 017))];
buff[i++] = trans[077 & (((s[1] << 2) & 074) | ((s[2] >> 6) & 03))];
@@ -966,7 +967,7 @@ encodes(VALUE str, const char *s, long len, int type, int tail_lf)
s += 3;
len -= 3;
}
- if (sizeof(buff)-i < 4) {
+ if (buff_size-i < encoded_unit) {
rb_str_buf_cat(str, buff, i);
i = 0;
}
@@ -986,6 +987,7 @@ encodes(VALUE str, const char *s, long len, int type, int tail_lf)
}
if (tail_lf) buff[i++] = '\n';
rb_str_buf_cat(str, buff, i);
+ if ((size_t)i > sizeof(buff)) rb_bug("encodes() buffer overrun");
}
static const char hex_table[] = "0123456789ABCDEF";