diff options
author | naruse <naruse@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2017-03-12 16:51:47 +0000 |
---|---|---|
committer | naruse <naruse@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2017-03-12 16:51:47 +0000 |
commit | a9bd53085a928026806bf8af244532bfb6dd742f (patch) | |
tree | ec5a8fb66db3cfb8370c786ae691418957272d75 /string.c | |
parent | ae996ed47b9367fd0bff98fad37a95624c3868c2 (diff) |
merge revision(s) 57797,57799,57800: [Backport #13289]
string.c: fix integer overflow
* string.c (rb_str_subpos): fix integer overflow which can happen
only when SHARABLE_MIDDLE_SUBSTRING is enabled. incorpolate
https://github.com/mruby/mruby/commit/7db0786abdd243ba031e24683f
string.c: fix integer overflow
* string.c (str_byte_substr): fix another integer overflow which
can happen only when SHARABLE_MIDDLE_SUBSTRING is enabled.
[ruby-core:79951] [Bug #13289]
string.c: negation of LONG_MIN
* string.c (rb_str_update): do not use negation of LONG_MIN, which
is negative too.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@57931 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'string.c')
-rw-r--r-- | string.c | 10 |
1 files changed, 6 insertions, 4 deletions
@@ -2316,7 +2316,7 @@ rb_str_subpos(VALUE str, long beg, long *lenp) beg += blen; if (beg < 0) return 0; } - if (beg + len > blen) + if (len > blen - beg) len = blen - beg; if (len < 0) return 0; p = s + beg; @@ -4365,12 +4365,14 @@ rb_str_update(VALUE str, long beg, long len, VALUE val) rb_raise(rb_eIndexError, "index %ld out of string", beg); } if (beg < 0) { - if (-beg > slen) { + if (beg + slen < 0) { goto out_of_range; } beg += slen; } - if (slen < len || slen < beg + len) { + assert(beg >= 0); + assert(beg <= slen); + if (len > slen - beg) { len = slen - beg; } str_modify_keep_cr(str); @@ -5184,7 +5186,7 @@ str_byte_substr(VALUE str, long beg, long len, int empty) beg += n; if (beg < 0) return Qnil; } - if (beg + len > n) + if (len > n - beg) len = n - beg; if (len <= 0) { if (!empty) return Qnil; |