From eda13c7ee2e3946790edad7e84740359367c90fa Mon Sep 17 00:00:00 2001 From: nobu Date: Thu, 28 Jul 2011 03:32:52 +0000 Subject: * ext/dl/cptr.c (rb_dlptr_aref, rb_dlptr_aset): check NULL pointer dereference. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32720 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- ChangeLog | 5 ++++- ext/dl/cptr.c | 16 +++++++++++----- test/dl/test_cptr.rb | 6 ++++++ 3 files changed, 21 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index 796f094e0b..ff012cde71 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,7 @@ -Thu Jul 28 12:32:46 2011 Nobuyoshi Nakada +Thu Jul 28 12:32:49 2011 Nobuyoshi Nakada + + * ext/dl/cptr.c (rb_dlptr_aref, rb_dlptr_aset): check NULL pointer + dereference. * ext/dl/cptr.c (rb_dlptr_s_to_ptr): use rb_check_funcall. diff --git a/ext/dl/cptr.c b/ext/dl/cptr.c index 9a471ff852..2f6a65fe52 100644 --- a/ext/dl/cptr.c +++ b/ext/dl/cptr.c @@ -502,16 +502,19 @@ rb_dlptr_aref(int argc, VALUE argv[], VALUE self) VALUE arg0, arg1; VALUE retval = Qnil; size_t offset, len; + struct ptr_data *data; + TypedData_Get_Struct(self, struct ptr_data, &dlptr_data_type, data); + if (!data->ptr) rb_raise(rb_eDLError, "NULL pointer dereference"); switch( rb_scan_args(argc, argv, "11", &arg0, &arg1) ){ case 1: offset = NUM2ULONG(arg0); - retval = INT2NUM(*((char*)RPTR_DATA(self)->ptr + offset)); + retval = INT2NUM(*((char *)data->ptr + offset)); break; case 2: offset = NUM2ULONG(arg0); len = NUM2ULONG(arg1); - retval = rb_tainted_str_new((char *)RPTR_DATA(self)->ptr + offset, len); + retval = rb_tainted_str_new((char *)data->ptr + offset, len); break; default: rb_bug("rb_dlptr_aref()"); 
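Review bot: `offset` and `len` still reach the pointer arithmetic unbounded in rb_dlptr_aref, because the new guard rejects only `data->ptr == NULL`; `(char *)data->ptr + offset` can therefore read outside the memory the pointer refers to. As far as I know NUM2ULONG also turns a negative index into a very large offset. struct ptr_data records a `size` as well (its definition is outside this hunk), so where that is non-zero the two-argument case could refuse the read with `if (data->size > 0 && (offset > (size_t)data->size || len > (size_t)data->size - offset)) rb_raise(rb_eDLError, "out of range");`, and the one-argument case could check `offset` alone. If `size` is only advisory for raw addresses, a comment above the switch saying that bounds are the caller's responsibility would make it explicit. The same applies to the stores in the rb_dlptr_aset hunks that follow.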
@@ -535,17 +538,20 @@ rb_dlptr_aset(int argc, VALUE argv[], VALUE self) VALUE retval = Qnil; size_t offset, len; void *mem; + struct ptr_data *data; + TypedData_Get_Struct(self, struct ptr_data, &dlptr_data_type, data); + if (!data->ptr) rb_raise(rb_eDLError, "NULL pointer dereference"); switch( rb_scan_args(argc, argv, "21", &arg0, &arg1, &arg2) ){ case 2: offset = NUM2ULONG(arg0); - ((char*)RPTR_DATA(self)->ptr)[offset] = NUM2UINT(arg1); + ((char*)data->ptr)[offset] = NUM2UINT(arg1); retval = arg1; break; case 3: offset = NUM2ULONG(arg0); len = NUM2ULONG(arg1); - if( TYPE(arg2) == T_STRING ){ + if (RB_TYPE_P(arg2, T_STRING)) { mem = StringValuePtr(arg2); } else if( rb_obj_is_kind_of(arg2, rb_cDLCPtr) ){ @@ -554,7 +560,7 @@ rb_dlptr_aset(int argc, VALUE argv[], VALUE self) else{ mem = NUM2PTR(arg2); } - memcpy((char *)RPTR_DATA(self)->ptr + offset, mem, len); + memcpy((char *)data->ptr + offset, mem, len); retval = arg2; break; default: diff --git a/test/dl/test_cptr.rb b/test/dl/test_cptr.rb index 953af286e1..c3793859d7 100644 --- a/test/dl/test_cptr.rb +++ b/test/dl/test_cptr.rb @@ -212,5 +212,11 @@ module DL assert_equal ptr3.to_i, ptr[0,2] = ptr3.to_i check.call(str, ptr) end + + def test_null_pointer + nullpo = CPtr.new(0) + assert_raise(DLError) {nullpo[0]} + assert_raise(DLError) {nullpo[0] = 1} + end end end -- cgit v1.2.3
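Review bot: In the three-argument case the T_STRING branch keeps only `StringValuePtr(arg2)` while the copy length still comes from `arg1`, so the memcpy shown in the following hunk can read past the end of the Ruby string whenever `len` exceeds the string's length. A check inside that branch, for example `if (len > (size_t)RSTRING_LEN(arg2)) rb_raise(rb_eDLError, "source string too short");`, keeps the read inside the string buffer. The rest of rb_dlptr_aset, including the copy itself, lies outside this hunk.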
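Review bot: The source pointer `mem` gets no check matching the one this commit adds for the destination: `NUM2PTR(arg2)` yields NULL when the argument is 0, and `memcpy((char *)data->ptr + offset, mem, len)` then reads from address zero. Adding `if (!mem) rb_raise(rb_eDLError, "NULL pointer dereference");` just before the memcpy would cover it. The assignment in the rb_cDLCPtr branch falls between the hunks and is not visible here, so it may need the same guard if a wrapped pointer can be NULL.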
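Review bot: test_null_pointer asserts only the single-index read and the two-argument store; the ranged forms, which take the other switch cases in rb_dlptr_aref and rb_dlptr_aset, are not exercised. Adding `assert_raise(DLError) {nullpo[0, 1]}` and `assert_raise(DLError) {nullpo[0, 1] = "x"}` would pin the guard on all four paths, so a later change that moves the NULL check into one case would be caught.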