diff options
author | nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2019-09-27 11:23:18 +0000 |
---|---|---|
committer | nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2019-09-27 11:23:18 +0000 |
commit | 641e3843419b7a6587c0d5a0562c022c97d31af1 (patch) | |
tree | e2a7387237310cd421924c362042ff81192e2bb1 /version.h | |
parent | a165a066e8f976a79256188c53e0e60f11c98607 (diff) |
merge revision(s) 93faa011d393bb4b5cf31a0cbb46922f0a5e7cdc: [Backport #16151]
Tag string shared roots to fix use-after-free
The buffer deduplication codepath in rb_fstring can be used to free the buffer
of shared string roots, which leads to use-after-free.
Introudce a new flag to tag strings that at one point have been a shared root.
Check for it in rb_fstring to avoid freeing buffers that are shared by
multiple strings. This change is based on nobu's idea in [ruby-core:94838].
The included test case test for the sequence of calls to internal functions
that lead to this bug. See attached ticket for Ruby level repros.
[Bug #16151]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67804 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'version.h')
-rw-r--r-- | version.h | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -1,10 +1,10 @@ #define RUBY_VERSION "2.6.5" #define RUBY_RELEASE_DATE RUBY_RELEASE_YEAR_STR"-"RUBY_RELEASE_MONTH_STR"-"RUBY_RELEASE_DAY_STR -#define RUBY_PATCHLEVEL 108 +#define RUBY_PATCHLEVEL 109 #define RUBY_RELEASE_YEAR 2019 #define RUBY_RELEASE_MONTH 9 -#define RUBY_RELEASE_DAY 14 +#define RUBY_RELEASE_DAY 27 #include "ruby/version.h" |