diff options
| -rw-r--r-- | ChangeLog | 14 | ||||
| -rw-r--r-- | ext/syck/rubyext.c | 6 |
2 files changed, 14 insertions, 6 deletions
@@ -1,3 +1,17 @@ +Fri May 6 15:01:11 2011 URABE Shyouhei <shyouhei@ruby-lang.org> + + * ext/syck/rubyext.c (mktime_do): avoid buffer overrun, by + silently ignoring lesser significant digits. Required buffer + length can be computable so you might at first think of + allocating enough memory space on the fly using alloca(). That + is a wrong idea because when using alloca there is always risk + of integer overflow. A function that accepts outer-process + resources like this should not blindly trust its inputs. In + this particular case we just want to generate miliseconds + resolution by strtod() so the string in question needs no more + length than what we originally have. Ignoring lesser + significant digits should suffice I believe. + Fri May 6 14:25:53 2011 Tinco Andringa <mail@tinco.nl> * ext/syck/rubyext.c (mktime_do): YAML.load time correctly parse diff --git a/ext/syck/rubyext.c b/ext/syck/rubyext.c index b7ab817002..970b64ed05 100644 --- a/ext/syck/rubyext.c +++ b/ext/syck/rubyext.c @@ -281,12 +281,6 @@ mktime_do(VALUE varg) while ( isdigit( *end ) ) end++; length = (int)(end - begin) <= padding ? (int)(end - begin) : padding; MEMCPY(padded, begin, char, length); - length = (int)(end - begin); - if (length > padding) { - length = length - padding; - MEMCPY(padded + offset, begin + padding, char, length); - } - usec = strtod(padded, NULL); } else |