From 62539b49a7aebd4a948fef30461841e123bad461 Mon Sep 17 00:00:00 2001 From: nobu Date: Sun, 13 Dec 2015 09:25:15 +0000 Subject: tkutil.c: array length * ext/tk/tkutil/tkutil.c (cbsubst_table_setup): check length of argument arrays for each access, as callback methods can modify them. reported by Marcin 'Icewall' Noga of Cisco Talos. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53076 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- ext/tk/tkutil/tkutil.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) (limited to 'ext/tk/tkutil/tkutil.c') diff --git a/ext/tk/tkutil/tkutil.c b/ext/tk/tkutil/tkutil.c index adc14c0cff..fc9ed2d5e3 100644 --- a/ext/tk/tkutil/tkutil.c +++ b/ext/tk/tkutil/tkutil.c @@ -1568,7 +1568,7 @@ cbsubst_table_setup(argc, argv, self) const VALUE *infp; ID id; struct cbsubst_info *subst_inf; - long idx, len; + long idx; unsigned char chr; /* accept (key_inf, proc_inf) or (key_inf, longkey_inf, procinf) */ @@ -1594,8 +1594,7 @@ cbsubst_table_setup(argc, argv, self) * type ==> char code or string * ivar ==> symbol */ - len = RARRAY_LEN(key_inf); - for(idx = 0; idx < len; idx++) { + for(idx = 0; idx < RARRAY_LEN(key_inf); idx++) { inf = RARRAY_AREF(key_inf, idx); if (!RB_TYPE_P(inf, T_ARRAY)) continue; if (RARRAY_LEN(inf) < 3) continue; @@ -1622,8 +1621,7 @@ cbsubst_table_setup(argc, argv, self) * type ==> char code or string * ivar ==> symbol */ - len = RARRAY_LEN(longkey_inf); - for(idx = 0; idx < len; idx++) { + for(idx = 0; idx < RARRAY_LEN(longkey_inf); idx++) { inf = RARRAY_AREF(longkey_inf, idx); if (!RB_TYPE_P(inf, T_ARRAY)) continue; if (RARRAY_LEN(inf) < 3) continue; @@ -1652,9 +1650,7 @@ cbsubst_table_setup(argc, argv, self) * type ==> char code or string * proc ==> proc/method/obj (must respond to 'call') */ - len = RARRAY_LEN(proc_inf); - for(idx = 0; idx < len; idx++) { - VALUE type, proc; + for(idx = 0; idx < RARRAY_LEN(proc_inf); idx++) { inf = RARRAY_AREF(proc_inf, idx); if (!RB_TYPE_P(inf, T_ARRAY)) continue; if (RARRAY_LEN(inf) < 2) continue; -- cgit v1.2.3