summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog7
-rw-r--r--array.c6
-rw-r--r--string.c56
-rw-r--r--version.h2
4 files changed, 34 insertions, 37 deletions
diff --git a/ChangeLog b/ChangeLog
index 04956f2..4253640 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+Fri Jun 20 16:33:09 2008 Nobuyoshi Nakada <nobu@ruby-lang.org>
+
+ * array.c (rb_ary_store, rb_ary_splice): not depend on unspecified
+ behavior at integer overflow.
+
+ * string.c (str_buf_cat): ditto.
+
Wed Jun 18 22:24:46 2008 URABE Shyouhei <shyouhei@ruby-lang.org>
* array.c (ary_new, rb_ary_initialize, rb_ary_store,
diff --git a/array.c b/array.c
index fda2c24..9814722 100644
--- a/array.c
+++ b/array.c
@@ -391,7 +391,7 @@ rb_ary_store(ary, idx, val)
if (new_capa < ARY_DEFAULT_SIZE) {
new_capa = ARY_DEFAULT_SIZE;
}
- else if (new_capa >= ARY_MAX_SIZE - idx) {
+ if (new_capa >= ARY_MAX_SIZE - idx) {
new_capa = (ARY_MAX_SIZE - idx) / 2;
}
new_capa += idx;
@@ -1094,10 +1094,10 @@ rb_ary_splice(ary, beg, len, rpl)
rb_ary_modify(ary);
if (beg >= RARRAY(ary)->len) {
- len = beg + rlen;
- if (len < 0 || len > ARY_MAX_SIZE) {
+ if (beg > ARY_MAX_SIZE - rlen) {
rb_raise(rb_eIndexError, "index %ld too big", beg);
}
+ len = beg + rlen;
if (len >= RARRAY(ary)->aux.capa) {
REALLOC_N(RARRAY(ary)->ptr, VALUE, len);
RARRAY(ary)->aux.capa = len;
diff --git a/string.c b/string.c
index fab5d0b..1f2db9b 100644
--- a/string.c
+++ b/string.c
@@ -702,18 +702,14 @@ rb_str_resize(str, len)
return str;
}
-VALUE
-rb_str_buf_cat(str, ptr, len)
+static VALUE
+str_buf_cat(str, ptr, len)
VALUE str;
const char *ptr;
long len;
{
long capa, total;
- if (len == 0) return str;
- if (len < 0) {
- rb_raise(rb_eArgError, "negative string size (or size too big)");
- }
rb_str_modify(str);
if (FL_TEST(str, STR_ASSOC)) {
FL_UNSET(str, STR_ASSOC);
@@ -722,9 +718,16 @@ rb_str_buf_cat(str, ptr, len)
else {
capa = RSTRING(str)->aux.capa;
}
+ if (RSTRING(str)->len >= LONG_MAX - len) {
+ rb_raise(rb_eArgError, "string sizes too big");
+ }
total = RSTRING(str)->len+len;
if (capa <= total) {
while (total > capa) {
+ if (capa + 1 >= LONG_MAX / 2) {
+ capa = total;
+ break;
+ }
capa = (capa + 1) * 2;
}
RESIZE_CAPA(str, capa);
@@ -737,6 +740,19 @@ rb_str_buf_cat(str, ptr, len)
}
VALUE
+rb_str_buf_cat(str, ptr, len)
+ VALUE str;
+ const char *ptr;
+ long len;
+{
+ if (len == 0) return str;
+ if (len < 0) {
+ rb_raise(rb_eArgError, "negative string size (or size too big)");
+ }
+ return str_buf_cat(str, ptr, len);
+}
+
+VALUE
rb_str_buf_cat2(str, ptr)
VALUE str;
const char *ptr;
@@ -777,33 +793,7 @@ VALUE
rb_str_buf_append(str, str2)
VALUE str, str2;
{
- long capa, len;
-
- rb_str_modify(str);
- if (FL_TEST(str, STR_ASSOC)) {
- FL_UNSET(str, STR_ASSOC);
- capa = RSTRING(str)->aux.capa = RSTRING(str)->len;
- }
- else {
- capa = RSTRING(str)->aux.capa;
- }
- len = RSTRING(str)->len+RSTRING(str2)->len;
- if (len < 0 || (capa+1) > LONG_MAX / 2) {
- rb_raise(rb_eArgError, "string sizes too big");
- }
- if (capa <= len) {
- while (len > capa) {
- capa = (capa + 1) * 2;
- }
- RESIZE_CAPA(str, capa);
- }
- memcpy(RSTRING(str)->ptr + RSTRING(str)->len,
- RSTRING(str2)->ptr, RSTRING(str2)->len);
- RSTRING(str)->len += RSTRING(str2)->len;
- RSTRING(str)->ptr[RSTRING(str)->len] = '\0'; /* sentinel */
- OBJ_INFECT(str, str2);
-
- return str;
+ return str_buf_cat(str, RSTRING(str2)->ptr, RSTRING(str2)->len);
}
VALUE
diff --git a/version.h b/version.h
index e8222b5..0373739 100644
--- a/version.h
+++ b/version.h
@@ -2,7 +2,7 @@
#define RUBY_RELEASE_DATE "2008-06-20"
#define RUBY_VERSION_CODE 187
#define RUBY_RELEASE_CODE 20080620
-#define RUBY_PATCHLEVEL 20
+#define RUBY_PATCHLEVEL 21
#define RUBY_VERSION_MAJOR 1
#define RUBY_VERSION_MINOR 8