From d84dde37a1c13be3360e0ec0f7dfc9c701f4ae5d Mon Sep 17 00:00:00 2001 From: shyouhei Date: Fri, 20 Jun 2008 06:53:16 +0000 Subject: merge revision(s) 17470:17472: * array.c (rb_ary_store, rb_ary_splice): not depend on unspecified behavior at integer overflow. * string.c (str_buf_cat): ditto. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@17475 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- ChangeLog | 7 +++++++ array.c | 6 +++--- string.c | 56 +++++++++++++++++++++++--------------------------------- version.h | 2 +- 4 files changed, 34 insertions(+), 37 deletions(-) diff --git a/ChangeLog b/ChangeLog index fa66869683..1fa30104c7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +Fri Jun 20 15:52:30 2008 Nobuyoshi Nakada + + * array.c (rb_ary_store, rb_ary_splice): not depend on unspecified + behavior at integer overflow. + + * string.c (str_buf_cat): ditto. + Wed Jun 18 22:25:10 2008 URABE Shyouhei * array.c (ary_new, rb_ary_initialize, rb_ary_store, diff --git a/array.c b/array.c index 000683fda1..c5261044da 100644 --- a/array.c +++ b/array.c @@ -370,7 +370,7 @@ rb_ary_store(ary, idx, val) if (new_capa < ARY_DEFAULT_SIZE) { new_capa = ARY_DEFAULT_SIZE; } - else if (new_capa >= ARY_MAX_SIZE - idx) { + if (new_capa >= ARY_MAX_SIZE - idx) { new_capa = (ARY_MAX_SIZE - idx) / 2; } new_capa += idx; @@ -979,10 +979,10 @@ rb_ary_splice(ary, beg, len, rpl) rb_ary_modify(ary); if (beg >= RARRAY(ary)->len) { - len = beg + rlen; - if (len < 0 || len > ARY_MAX_SIZE) { + if (beg > ARY_MAX_SIZE - rlen) { rb_raise(rb_eIndexError, "index %ld too big", beg); } + len = beg + rlen; if (len >= RARRAY(ary)->aux.capa) { REALLOC_N(RARRAY(ary)->ptr, VALUE, len); RARRAY(ary)->aux.capa = len; diff --git a/string.c b/string.c index 7eb96c57f1..d32c98e8f8 100644 --- a/string.c +++ b/string.c @@ -687,18 +687,14 @@ rb_str_resize(str, len) return str; } -VALUE -rb_str_buf_cat(str, ptr, len) +static VALUE +str_buf_cat(str, ptr, len) VALUE str; const char *ptr; long len; { long capa, total; - if (len == 0) return str; - if (len < 0) { - rb_raise(rb_eArgError, "negative string size (or size too big)"); - } rb_str_modify(str); if (FL_TEST(str, STR_ASSOC)) { FL_UNSET(str, STR_ASSOC); @@ -707,9 +703,16 @@ rb_str_buf_cat(str, ptr, len) else { capa = RSTRING(str)->aux.capa; } + if (RSTRING(str)->len >= LONG_MAX - len) { + rb_raise(rb_eArgError, "string sizes too big"); + } total = RSTRING(str)->len+len; if (capa <= total) { while (total > capa) { + if (capa + 1 >= LONG_MAX / 2) { + capa = total; + break; + } capa = (capa + 1) * 2; } RESIZE_CAPA(str, capa); @@ -721,6 +724,19 @@ rb_str_buf_cat(str, ptr, len) return str; } +VALUE +rb_str_buf_cat(str, ptr, len) + VALUE str; + const char *ptr; + long len; +{ + if (len == 0) return str; + if (len < 0) { + rb_raise(rb_eArgError, "negative string size (or size too big)"); + } + return str_buf_cat(str, ptr, len); +} + VALUE rb_str_buf_cat2(str, ptr) VALUE str; @@ -762,33 +778,7 @@ VALUE rb_str_buf_append(str, str2) VALUE str, str2; { - long capa, len; - - rb_str_modify(str); - if (FL_TEST(str, STR_ASSOC)) { - FL_UNSET(str, STR_ASSOC); - capa = RSTRING(str)->aux.capa = RSTRING(str)->len; - } - else { - capa = RSTRING(str)->aux.capa; - } - len = RSTRING(str)->len+RSTRING(str2)->len; - if (len < 0 || (capa+1) > LONG_MAX / 2) { - rb_raise(rb_eArgError, "string sizes too big"); - } - if (capa <= len) { - while (len > capa) { - capa = (capa + 1) * 2; - } - RESIZE_CAPA(str, capa); - } - memcpy(RSTRING(str)->ptr + RSTRING(str)->len, - RSTRING(str2)->ptr, RSTRING(str2)->len); - RSTRING(str)->len += RSTRING(str2)->len; - RSTRING(str)->ptr[RSTRING(str)->len] = '\0'; /* sentinel */ - OBJ_INFECT(str, str2); - - return str; + return str_buf_cat(str, RSTRING(str2)->ptr, RSTRING(str2)->len); } VALUE diff --git a/version.h b/version.h index 36471004b3..7057cf0f29 100644 --- a/version.h +++ b/version.h @@ -2,7 +2,7 @@ #define RUBY_RELEASE_DATE "2008-06-20" #define RUBY_VERSION_CODE 186 #define RUBY_RELEASE_CODE 20080620 -#define RUBY_PATCHLEVEL 228 +#define RUBY_PATCHLEVEL 229 #define RUBY_VERSION_MAJOR 1 #define RUBY_VERSION_MINOR 8 -- cgit v1.2.3