From e90f7de04fac518947c6da19ecdb31597e807c0d Mon Sep 17 00:00:00 2001 From: shyouhei Date: Fri, 7 Sep 2007 07:46:40 +0000 Subject: * array.c (rb_ary_subseq): need integer overflow check. [ruby-dev:31736] * array.c (rb_ary_splice): ditto. [ruby-dev:31737] * array.c (rb_ary_fill): ditto. [ruby-dev:31738] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@13399 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- ChangeLog | 8 ++++++-- array.c | 4 ++-- version.h | 2 +- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index c5286a934c..942dec486b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,7 +1,11 @@ Fri Sep 7 16:39:23 2007 Yukihiro Matsumoto - * array.c (rb_ary_fill): need integer overflow check. - [ruby-dev:31738] + * array.c (rb_ary_subseq): need integer overflow check. + [ruby-dev:31736] + + * array.c (rb_ary_splice): ditto. [ruby-dev:31737] + + * array.c (rb_ary_fill): ditto. [ruby-dev:31738] * string.c (rb_str_splice): integer overflow for length. [ruby-dev:31739] diff --git a/array.c b/array.c index 3bd8862fd9..fbca3c193e 100644 --- a/array.c +++ b/array.c @@ -606,7 +606,7 @@ rb_ary_subseq(ary, beg, len) if (beg > RARRAY(ary)->len) return Qnil; if (beg < 0 || len < 0) return Qnil; - if (beg + len > RARRAY(ary)->len) { + if (RARRAY(ary)->len < len || RARRAY(ary)->len < beg + len) { len = RARRAY(ary)->len - beg; if (len < 0) len = 0; @@ -961,7 +961,7 @@ rb_ary_splice(ary, beg, len, rpl) rb_raise(rb_eIndexError, "index %ld out of array", beg); } } - if (beg + len > RARRAY(ary)->len) { + if (RARRAY(ary)->len < len || RARRAY(ary)->len < beg + len) { len = RARRAY(ary)->len - beg; } diff --git a/version.h b/version.h index e97938809c..7254457eae 100644 --- a/version.h +++ b/version.h @@ -2,7 +2,7 @@ #define RUBY_RELEASE_DATE "2007-09-07" #define RUBY_VERSION_CODE 186 #define RUBY_RELEASE_CODE 20070907 -#define RUBY_PATCHLEVEL 99 +#define RUBY_PATCHLEVEL 100 #define RUBY_VERSION_MAJOR 1 #define RUBY_VERSION_MINOR 8 -- cgit v1.2.3