diff options
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | parse.y | 4 |
2 files changed, 7 insertions, 2 deletions
@@ -1,3 +1,8 @@ +Fri Jul 22 19:05:47 2011 Nobuyoshi Nakada <nobu@ruby-lang.org> + + * parse.y (rb_enc_symname2_p): get rid of potential out-of-bound + access. + Fri Jul 22 13:55:59 2011 Eric Hodel <drbrain@segment7.net> * lib/net/http.rb: Net::HTTP#finish is used to manually close @@ -9685,7 +9685,7 @@ rb_enc_symname2_p(const char *name, long len, rb_encoding *enc) const char *e = m + len; int localid = FALSE; - if (!m) return FALSE; + if (!m || len <= 0) return FALSE; switch (*m) { case '\0': return FALSE; @@ -9738,8 +9738,8 @@ rb_enc_symname2_p(const char *name, long len, rb_encoding *enc) break; case '!': + if (len == 1) return FALSE; switch (*++m) { - case '\0': return TRUE; case '=': case '~': ++m; break; default: return FALSE; } |