* time.c (time_plus): result should not be negative unless

  NEGATIVE_TIME_T is defined.

* time.c (time_new_internal): should check tv_sec overflow too.

* time.c (time_timeval): should check time_t range when time is
  initialized from float.

* time.c (time_plus): uses modf(3).

* variable.c (rb_cvar_set): add frozen class/module check.

* variable.c (rb_cvar_declare): add frozen class/module check.

* re.c (match_to_a): should propagate taint.

* re.c (rb_reg_s_quote): ditto.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@1933 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

1 files changed, 9 insertions, 9 deletions

diff --git a/variable.c b/variable.c
index ce8180f02f..8b9dfaa1d5 100644
--- a/variable.c
+++ b/variable.c
@@ -1459,16 +1459,15 @@ rb_cvar_set(klass, id, val)
 
     tmp = klass;
     while (tmp) {
-	if (RCLASS(tmp)->iv_tbl) {
-	    if (st_lookup(RCLASS(tmp)->iv_tbl,id,0)) {
-		if (!OBJ_TAINTED(tmp) && rb_safe_level() >= 4)
-		    rb_raise(rb_eSecurityError, "Insecure: can't modify class variable");
-		st_insert(RCLASS(tmp)->iv_tbl,id,val);
-		if (ruby_verbose) {
-		    cvar_override_check(id, tmp);
-		}
-		return;
+	if (RCLASS(tmp)->iv_tbl && st_lookup(RCLASS(tmp)->iv_tbl,id,0)) {
+	    if (OBJ_FROZEN(tmp)) rb_error_frozen("class/module");
+	    if (!OBJ_TAINTED(tmp) && rb_safe_level() >= 4)
+		rb_raise(rb_eSecurityError, "Insecure: can't modify class variable");
+	    st_insert(RCLASS(tmp)->iv_tbl,id,val);
+	    if (ruby_verbose) {
+		cvar_override_check(id, tmp);
 	    }
+	    return;
 	}
 	tmp = RCLASS(tmp)->super;
     }
@@ -1488,6 +1487,7 @@ rb_cvar_declare(klass, id, val)
     tmp = klass;
     while (tmp) {
 	if (RCLASS(tmp)->iv_tbl && st_lookup(RCLASS(tmp)->iv_tbl,id,0)) {
+	    if (OBJ_FROZEN(tmp)) rb_error_frozen("class/module");
 	    if (!OBJ_TAINTED(tmp) && rb_safe_level() >= 4)
 		rb_raise(rb_eSecurityError, "Insecure: can't modify class variable");
 	    if (ruby_verbose && klass != tmp) {