diff options
Diffstat (limited to 'ext/psych/yaml/loader.c')
| -rw-r--r-- | ext/psych/yaml/loader.c | 33 |
1 files changed, 30 insertions, 3 deletions
diff --git a/ext/psych/yaml/loader.c b/ext/psych/yaml/loader.c index 9d3d912663..cb3ea93089 100644 --- a/ext/psych/yaml/loader.c +++ b/ext/psych/yaml/loader.c @@ -283,9 +283,12 @@ static int yaml_parser_load_scalar(yaml_parser_t *parser, yaml_event_t *first_event) { yaml_node_t node; + ptrdiff_t node_index; int index; yaml_char_t *tag = first_event->data.scalar.tag; + if (!STACK_LIMIT(parser, parser->document->nodes, INT_MAX-1)) goto error; + if (!tag || strcmp((char *)tag, "!") == 0) { yaml_free(tag); tag = yaml_strdup((yaml_char_t *)YAML_DEFAULT_SCALAR_TAG); @@ -298,7 +301,11 @@ yaml_parser_load_scalar(yaml_parser_t *parser, yaml_event_t *first_event) if (!PUSH(parser, parser->document->nodes, node)) goto error; - index = parser->document->nodes.top - parser->document->nodes.start; + node_index = parser->document->nodes.top - parser->document->nodes.start; +#if PTRDIFF_MAX > INT_MAX + if (node_index > INT_MAX) goto error; +#endif + index = (int)node_index; if (!yaml_parser_register_anchor(parser, index, first_event->data.scalar.anchor)) return 0; @@ -327,8 +334,11 @@ yaml_parser_load_sequence(yaml_parser_t *parser, yaml_event_t *first_event) yaml_node_item_t *top; } items = { NULL, NULL, NULL }; int index, item_index; + ptrdiff_t node_index; yaml_char_t *tag = first_event->data.sequence_start.tag; + if (!STACK_LIMIT(parser, parser->document->nodes, INT_MAX-1)) goto error; + if (!tag || strcmp((char *)tag, "!") == 0) { yaml_free(tag); tag = yaml_strdup((yaml_char_t *)YAML_DEFAULT_SEQUENCE_TAG); @@ -343,7 +353,11 @@ yaml_parser_load_sequence(yaml_parser_t *parser, yaml_event_t *first_event) if (!PUSH(parser, parser->document->nodes, node)) goto error; - index = parser->document->nodes.top - parser->document->nodes.start; + node_index = parser->document->nodes.top - parser->document->nodes.start; +#if PTRDIFF_MAX > INT_MAX + if (node_index > INT_MAX) goto error; +#endif + index = (int)node_index; if (!yaml_parser_register_anchor(parser, index, first_event->data.sequence_start.anchor)) return 0; @@ -351,6 +365,9 @@ yaml_parser_load_sequence(yaml_parser_t *parser, yaml_event_t *first_event) if (!yaml_parser_parse(parser, &event)) return 0; while (event.type != YAML_SEQUENCE_END_EVENT) { + if (!STACK_LIMIT(parser, + parser->document->nodes.start[index-1].data.sequence.items, + INT_MAX-1)) return 0; item_index = yaml_parser_load_node(parser, &event); if (!item_index) return 0; if (!PUSH(parser, @@ -384,9 +401,12 @@ yaml_parser_load_mapping(yaml_parser_t *parser, yaml_event_t *first_event) yaml_node_pair_t *top; } pairs = { NULL, NULL, NULL }; int index; + ptrdiff_t node_index; yaml_node_pair_t pair; yaml_char_t *tag = first_event->data.mapping_start.tag; + if (!STACK_LIMIT(parser, parser->document->nodes, INT_MAX-1)) goto error; + if (!tag || strcmp((char *)tag, "!") == 0) { yaml_free(tag); tag = yaml_strdup((yaml_char_t *)YAML_DEFAULT_MAPPING_TAG); @@ -401,7 +421,11 @@ yaml_parser_load_mapping(yaml_parser_t *parser, yaml_event_t *first_event) if (!PUSH(parser, parser->document->nodes, node)) goto error; - index = parser->document->nodes.top - parser->document->nodes.start; + node_index = parser->document->nodes.top - parser->document->nodes.start; +#if PTRDIFF_MAX > INT_MAX + if (node_index > INT_MAX) goto error; +#endif + index = (int)node_index; if (!yaml_parser_register_anchor(parser, index, first_event->data.mapping_start.anchor)) return 0; @@ -409,6 +433,9 @@ yaml_parser_load_mapping(yaml_parser_t *parser, yaml_event_t *first_event) if (!yaml_parser_parse(parser, &event)) return 0; while (event.type != YAML_MAPPING_END_EVENT) { + if (!STACK_LIMIT(parser, + parser->document->nodes.start[index-1].data.mapping.pairs, + INT_MAX-1)) return 0; pair.key = yaml_parser_load_node(parser, &event); if (!pair.key) return 0; if (!yaml_parser_parse(parser, &event)) return 0; |