summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog14
-rw-r--r--ext/syck/rubyext.c6
2 files changed, 14 insertions, 6 deletions
diff --git a/ChangeLog b/ChangeLog
index d3ddc2e4ef6..173de3c0a68 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,17 @@
+Fri May 6 15:01:11 2011 URABE Shyouhei <shyouhei@ruby-lang.org>
+
+ * ext/syck/rubyext.c (mktime_do): avoid buffer overrun, by
+ silently ignoring lesser significant digits. Required buffer
+ length can be computable so you might at first think of
+ allocating enough memory space on the fly using alloca(). That
+ is a wrong idea because when using alloca there is always risk
+ of integer overflow. A function that accepts outer-process
+ resources like this should not blindly trust its inputs. In
+ this particular case we just want to generate miliseconds
+ resolution by strtod() so the string in question needs no more
+ length than what we originally have. Ignoring lesser
+ significant digits should suffice I believe.
+
Fri May 6 14:25:53 2011 Tinco Andringa <mail@tinco.nl>
* ext/syck/rubyext.c (mktime_do): YAML.load time correctly parse
diff --git a/ext/syck/rubyext.c b/ext/syck/rubyext.c
index b7ab817002c..970b64ed05d 100644
--- a/ext/syck/rubyext.c
+++ b/ext/syck/rubyext.c
@@ -281,12 +281,6 @@ mktime_do(VALUE varg)
while ( isdigit( *end ) ) end++;
length = (int)(end - begin) <= padding ? (int)(end - begin) : padding;
MEMCPY(padded, begin, char, length);
- length = (int)(end - begin);
- if (length > padding) {
- length = length - padding;
- MEMCPY(padded + offset, begin + padding, char, length);
- }
-
usec = strtod(padded, NULL);
}
else