diff options
author | nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2016-04-06 16:15:59 +0000 |
---|---|---|
committer | nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2016-04-06 16:15:59 +0000 |
commit | 58f77932a45873d691d9dab1f042da45822bd991 (patch) | |
tree | 6979e901bb0087cb34862042acad2dd13a9a1cac /sprintf.c | |
parent | d309921ea54b54086ca20e57ab188528ef63023f (diff) |
merge revision(s) 54304: [Backport #12223]
* sprintf.c (rb_str_format): fix buffer overflow, length must be
greater than precision. reported by William Bowling <will AT
wbowling.info>.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@54505 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'sprintf.c')
-rw-r--r-- | sprintf.c | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -1067,7 +1067,7 @@ rb_str_format(int argc, const VALUE *argv, VALUE fmt) } val = rb_obj_as_string(num); len = RSTRING_LEN(val) + zero; - if (prec >= len) ++len; /* integer part 0 */ + if (prec >= len) len = prec + 1; /* integer part 0 */ if (sign || (flags&FSPACE)) ++len; if (prec > 0) ++len; /* period */ CHECK(len > width ? len : width); |