Age | Commit message (Collapse) | Author |
|
* string.c (str_buf_cat): check for self concatenation.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@17733 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* string.c (rb_str_buf_append): should infect.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@17486 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* array.c (rb_ary_store, rb_ary_splice): not depend on unspecified
behavior at integer overflow.
* string.c (str_buf_cat): ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@17475 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
rb_ary_aplice, rb_ary_times): integer overflows should be
checked. based on patches from Drew Yao <ayao at apple.com>
fixed CVE-2008-2726
* string.c (rb_str_buf_append): fixed unsafe use of alloca,
which led memory corruption. based on a patch from Drew Yao
<ayao at apple.com> fixed CVE-2008-2726
* sprintf.c (rb_str_format): backported from trunk.
* intern.h: ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@17460 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* string.c (rb_str_cat): fixed buffer overrun reported by
Christopher Thompson <cthompson at nexopia.com> in [ruby-core:16746]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@17298 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[ruby-dev:31739]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@13395 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
before actually modifying the string.
fixed: [ruby-dev:30211] (originally reported by zunda)
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@11597 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
inifinite loop. [ruby-core:09864]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@11515 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@11454 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@11453 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[ruby-core:09695]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@11374 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
string, but not the shared string. fixed: [ruby-core:09152]
* strnig.c (rb_str_new4): keep shared string untainted when orignal
string is tainted. fixed: [ruby-dev:29672]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@11201 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[ruby-core:09007]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@11106 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
level is greater than zero. [ruby-core:08862]
* parse.y (rb_interned_p): new function to check if a string is
already interned.
* object.c (str_to_id): use rb_str_intern().
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@10930 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@10916 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
may not be defined to shut up gcc's -Wundef warnings.
[ruby-core:08447]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@10648 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[ruby-core:7216]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@10603 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@10512 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[ruby-dev:28927]
* string.c (rb_str_dump): ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@10454 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
<alex at blackkettle.org>. [ruby-core:08068]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@10413 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
safe levels higher than 3.
* re.c (rb_memcmp): type change from char* to const void*.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@10156 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[ruby-dev:27535]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@9473 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
cookie name. [ruby-talk:156140]
* string.c (rb_str_substr): should propagate taintness even for
empty strings. [ruby-dev:27121]
* string.c (rb_str_aref): should infect result if range argument
is tainted. [ruby-dev:27121]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@9200 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
and a little improvement. [ruby-dev:26900]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@9104 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@8359 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
fixed: [ruby-dev:25811]
* lib/cgi-lib.rb: add deprecation warning. [ruby-dev:25499]
getopts.rb, parsearg.rb, importenv.rb as well.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@8096 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[ruby-dev:25675]
* misc/ruby-mode.el: [ruby-core:04415]
* lib/rdoc/generators/html_generator.rb: [ruby-core:04412]
* lib/rdoc/generators/ri_generator.rb: ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7953 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* struct.c (rb_struct_set): use original method name, not callee
name, to retrieve member slot. [ruby-core:04268]
* time.c (time_strftime): protect from format modification from GC
finalizers.
* gc.c (rb_data_object_alloc): klass may be NULL.
[ruby-list:40498]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7791 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7685 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
conversion. fixed: [ruby-dev:25341]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7677 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
substitution. fixed: [ruby-core:03922]
* string.c (rb_str_dump): not escape # which isn't a substitution.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7519 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* eval.c (rb_funcall_rescue): new function.
* object.c (rb_Array): avoid using rb_respond_to().
* object.c (rb_Integer): ditto.
* eval.c (get_backtrace): no conversion for nil.
* parse.y (reduce_nodes): empty body should return nil.
* lib/cgi/session.rb (CGI::Session::initialize): [ruby-core:03832]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7414 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7367 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
GetOpenFile(). [ruby-dev:24947]
* file.c (rb_file_truncate): ditto.
* file.c (rb_file_s_truncate): ditto.
* dir.c (dir_seek): use NUM2OFFT().
* misc/ruby-mode.el (ruby-non-block-do-re): [ruby-core:03719]
* dir.c (dir_seek): should retrieve dir_data after NUM2INT().
[ruby-dev:24941]
* string.c (rb_str_splice): should place index wrapping after
possible modification. [ruby-dev:24940]
* eval.c (error_print): nicer traceback at interrupt.
[ruby-core:03774]
* string.c (str_gsub): internal buffer should not be listed by
ObjectSpace.each_object() by String#gsub. [ruby-dev:24931]
* lib/cgi/session.rb (CGI::Session::FileStore::initialize): raise
exception if data corresponding to session specified from the
client does not exist.
* string.c (str_gsub): internal buffer should not be listed by
ObjectSpace.each_object(). [ruby-dev:24919]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7354 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7343 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* string.c (rb_str_upcase_bang, rb_str_capitalize_bang)
(rb_str_swapcase_bang): missing rb_str_modify().
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7340 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[ruby-dev:24899]
* process.c (get_pid): ditto. [ruby-dev:24904]
* process.c (get_ppid): ditto.
* array.c (rb_ary_delete): defer rb_ary_modify() until actual
modification. [ruby-dev:24901]
* parse.y (newline_node): should not use FL_SET. [ruby-dev:24874]
* parse.y (string_content): should not use FL_UNSET.
* node.h (NODE_NEWLINE): remove unused bit to utilize flag field
in nodes.
* string.c (rb_str_splice): move rb_str_modify() after
StringValue(), which may alter the receiver. [ruby-dev:24878]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7307 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
assignment to local variables. [ruby-dev:24873]
* string.c (str_mod_check): frozen check should be separated.
[ruby-core:3742]
* array.c (rb_ary_update): pedantic check to detect
rb_ary_to_ary() to modify the receiver. [ruby-dev:24861]
* string.c (rb_str_justify): typo fixed. [ruby-dev:24851]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7290 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
locking. [ruby-dev:24727]
* gc.c (gc_mark): stricter GC stack check.
* string.c (str_gsub): should have removed rb_str_unlocktmp(str).
[ruby-dev:24708]
* string.c (str_gsub): string modify check no longer based on
tmplock. [ruby-dev:24706]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7216 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* string.c (str_gsub): lock strings temporarily. [ruby-dev:24687]
* ext/socket/socket.c (s_recvfrom): tmplock input buffer.
[ruby-dev:24705]
* array.c (rb_ary_uniq_bang): do not push frozen string from hash
table. [ruby-dev:24695]
* array.c (rb_ary_and): ditto.
* array.c (rb_ary_or): ditto.
* ext/enumerator/enumerator.c (each_cons_i): pass copy of an
internal consequent array. [ruby-talk:118691]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7196 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* string.c (str_independent): add tmplock check.
* io.c (io_write): lock output string temporarily.
[ruby-dev:24649]
* io.c (io_write): use rb_str_locktmp().
* io.c (read_all): ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7149 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7123 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
capacity member of string structure. [ruby-dev:24594]
* ext/zlib/zlib.c (gzreader_gets): use memchr() to to gain
performance. [ruby-talk:117701]
* sprintf.c (rb_f_sprintf): raise ArgumentError for extra
arguments, unless (digit)$ style used.
* ext/zlib/zlib.c (gzreader_gets): use memchr() to to gain
performance. [ruby-talk:117701]
* sprintf.c (rb_f_sprintf): raise ArgumentError for extra
arguments, unless (digit)$ style used.
* eval.c (frame_free): Guy Decoux solved the leak problem.
Thanks. [ruby-core:03549]
* ext/zlib/zlib.c (zstream_append_input): clear klass for z->input
to avoid potential vulnerability.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7119 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[ruby-dev:24601]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7117 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[ruby-dev:24558]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7096 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* backport all SEGV bug fixes from CVS HEAD. [ruby-dev:24536]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7090 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
rb_io_fread() by freezing it temporarily. [ruby-dev:24479]
* dir.c (rb_push_glob): block call at once the end of method.
[ruby-dev:24487]
* ext/enumerator/enumerator.c (enum_each_slice): remove
rb_gc_force_recycle() to prevent potential SEGV.
[ruby-dev:24499]
* ext/zlib/zlib.c (zstream_expand_buffer): hide internal string
buffer by clearing klass. [ruby-dev:24510]
* ext/socket/socket.c (sock_s_getservbyaname): protocol string
might be altered. [ruby-dev:24503]
* string.c (rb_str_upto): check if return value from succ is a
string. [ruby-dev:24504]
* io.c (rb_io_popen): get mode string via rb_io_flags_mode() to
avoid mode string modification. [ruby-dev:24454]
* io.c (rb_io_getline_fast): should take delim as unsigned char to
distinguish EOF and '\377'. [ruby-dev:24460]
* io.c (rb_io_getline): add check for RS modification.
[ruby-dev:24461]
* enum.c (enum_sort_by): use qsort() directly instead using
rb_iterate(). [ruby-dev:24462]
* enum.c (enum_each_with_index): remove rb_gc_force_recycle() to
prevent access to recycled object (via continuation for
example). [ruby-dev:24463]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7071 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7066 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7064 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
ALLOCA_N() to prevent modification. [ruby-dev:24438]
* io.c (rb_io_mode_flags): preserve append mode flag.
[ruby-dev:24436]
* io.c (rb_io_modenum_mode): do not use external output buffer.
* string.c (rb_str_justify): differ pointer retrieval to prevent
padding string modification. [ruby-dev:24434]
* range.c (range_each_func): allow func to terminate loop by
returning RANGE_EACH_BREAK.
* range.c (member_i): use RANGE_EACH_BREAK. [ruby-talk:114959]
* marshal.c (r_byte): retrieve pointer from string value for each
time. [ruby-dev:24404]
* marshal.c (r_bytes0): ditto.
* enum.c (sort_by_i): re-entrance check added. [ruby-dev:24399]
* io.c (io_read): should freeze all reading buffer.
[ruby-dev:24400]
* string.c (rb_str_sum): should use bignums when bits is greater
than or equals to sizeof(long)*CHAR_BITS. [ruby-dev:24395]
* eval.c (specific_eval): defer pointer retrieval to prevent
unsafe sourcefile string modification. [ruby-dev:24382]
* eval.c (specific_eval): defer pointer retrieval to prevent
unsafe sourcefile string modification. [ruby-dev:24382]
* string.c (rb_str_sum): wrong cast caused wrong result.
[ruby-dev:24385]
* enum.c (enum_sort_by): hide temporary array from
ObjectSpace.each_object. [ruby-dev:24386]
* string.c (rb_str_sum): check was done with false pointer.
[ruby-dev:24383]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7003 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|