summaryrefslogtreecommitdiff
path: root/strftime.c
diff options
context:
space:
mode:
authornobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2016-06-14 13:22:09 +0000
committernobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2016-06-14 13:22:09 +0000
commit0c22cfd0ceded88fcd1c7e711841caab7bdcf73e (patch)
tree08e5d55f03a0dc738872584d3699ec736a08cedd /strftime.c
parent0a97832e6ac6a5fa68c2185da6e8c07a7d4299b6 (diff)
strftime.c: limit result size
* strftime.c (rb_strftime_with_timespec): limit the result string size by the format length, to get rid of unlimited memory use. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55412 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'strftime.c')
-rw-r--r--strftime.c56
1 files changed, 49 insertions, 7 deletions
diff --git a/strftime.c b/strftime.c
index 542091d874..42e733818c 100644
--- a/strftime.c
+++ b/strftime.c
@@ -162,10 +162,14 @@ enum {LEFT, CHCASE, LOWER, UPPER};
static char *
resize_buffer(VALUE ftime, char *s, const char **start, const char **endp,
- ptrdiff_t n)
+ ptrdiff_t n, size_t maxsize)
{
size_t len = s - *start;
size_t nlen = len + n * 2;
+
+ if (nlen < len || nlen > maxsize) {
+ return 0;
+ }
rb_str_set_len(ftime, len);
rb_str_modify_expand(ftime, nlen-len);
s = RSTRING_PTR(ftime);
@@ -174,6 +178,18 @@ resize_buffer(VALUE ftime, char *s, const char **start, const char **endp,
return s += len;
}
+static void
+buffer_size_check(const char *s,
+ const char *format_end, size_t format_len,
+ rb_encoding *enc)
+{
+ if (!s) {
+ const char *format = format_end-format_len;
+ VALUE fmt = rb_enc_str_new(format, format_len, enc);
+ rb_syserr_fail_str(ERANGE, fmt);
+ }
+}
+
static char *
case_conv(char *s, ptrdiff_t i, int flags)
{
@@ -211,7 +227,7 @@ format_value(VALUE val, int base)
static VALUE
rb_strftime_with_timespec(VALUE ftime, const char *format, size_t format_len,
rb_encoding *enc, const struct vtm *vtm, VALUE timev,
- struct timespec *ts, int gmt)
+ struct timespec *ts, int gmt, size_t maxsize)
{
size_t len = RSTRING_LEN(ftime);
char *s = RSTRING_PTR(ftime);
@@ -262,8 +278,10 @@ rb_strftime_with_timespec(VALUE ftime, const char *format, size_t format_len,
goto unknown; \
} while (0)
#define NEEDS(n) do { \
- if (s >= endp || (n) >= endp - s - 1) \
- s = resize_buffer(ftime, s, &start, &endp, (n)); \
+ if (s >= endp || (n) >= endp - s - 1) { \
+ s = resize_buffer(ftime, s, &start, &endp, (n), maxsize); \
+ buffer_size_check(s, format_end, format_len, enc); \
+ } \
} while (0)
#define FILL_PADDING(i) do { \
if (!(flags & BIT_OF(LEFT)) && precision > (i)) { \
@@ -298,7 +316,8 @@ rb_strftime_with_timespec(VALUE ftime, const char *format, size_t format_len,
do { \
len = s - start; \
rb_str_set_len(ftime, len); \
- if (!rb_strftime_with_timespec(ftime, (fmt), rb_strlen_lit(fmt), enc, vtm, timev, ts, gmt)) \
+ if (!rb_strftime_with_timespec(ftime, (fmt), rb_strlen_lit(fmt), \
+ enc, vtm, timev, ts, gmt, maxsize)) \
return 0; \
s = RSTRING_PTR(ftime); \
i = RSTRING_LEN(ftime) - len; \
@@ -881,13 +900,23 @@ rb_strftime_with_timespec(VALUE ftime, const char *format, size_t format_len,
return ftime;
}
+static size_t
+strftime_size_limit(size_t format_len)
+{
+ size_t limit = format_len * (1*1024*1024);
+ if (limit < format_len) limit = format_len;
+ else if (limit < 1024) limit = 1024;
+ return limit;
+}
+
VALUE
rb_strftime(const char *format, size_t format_len,
rb_encoding *enc, const struct vtm *vtm, VALUE timev, int gmt)
{
VALUE result = rb_enc_str_new(0, 0, enc);
return rb_strftime_with_timespec(result, format, format_len, enc,
- vtm, timev, NULL, gmt);
+ vtm, timev, NULL, gmt,
+ strftime_size_limit(format_len));
}
VALUE
@@ -896,8 +925,21 @@ rb_strftime_timespec(const char *format, size_t format_len,
{
VALUE result = rb_enc_str_new(0, 0, enc);
return rb_strftime_with_timespec(result, format, format_len, enc,
- vtm, Qnil, ts, gmt);
+ vtm, Qnil, ts, gmt,
+ strftime_size_limit(format_len));
+}
+
+#if 0
+VALUE
+rb_strftime_limit(const char *format, size_t format_len,
+ rb_encoding *enc, const struct vtm *vtm, struct timespec *ts,
+ int gmt, size_t maxsize)
+{
+ VALUE result = rb_enc_str_new(0, 0, enc);
+ return rb_strftime_with_timespec(result, format, format_len, enc,
+ vtm, Qnil, ts, gmt, maxsize);
}
+#endif
/* isleap --- is a year a leap year? */