From 65e137a74c1a6c1dddac44ca6f9d569828fb38d8 Mon Sep 17 00:00:00 2001
From: knu
Date: Tue, 15 Apr 2008 14:42:44 +0000
Subject: * ext/syck/rubyext.c (rb_syck_mktime): Avoid buffer overflow.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@16044 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 ext/syck/rubyext.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
(limited to 'ext')
diff --git a/ext/syck/rubyext.c b/ext/syck/rubyext.c
index 078de4f78d..8c4027f26d 100644
--- a/ext/syck/rubyext.c
+++ b/ext/syck/rubyext.c
@@ -268,9 +268,13 @@ rb_syck_mktime(str, len)
 {
 char padded[] = "000000";
 char *end = ptr + 1;
+ char *p = end;
 while ( isdigit( *end ) ) end++;
- MEMCPY(padded, ptr + 1, char, end - (ptr + 1));
- usec = strtol(padded, NULL, 10);
+ if (end - p < sizeof(padded)) {
+ MEMCPY(padded, ptr + 1, char, end - (ptr + 1));
+ p = padded;
+ }
+ usec = strtol(p, NULL, 10);
 }
 else
 {
--
cgit v1.2.3
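Review bot: When the fraction has seven or more digits, the new `if (end - p < sizeof(padded))` guard skips the copy and `strtol(p, NULL, 10)` then parses the raw, unpadded digits, so `usec` can exceed 999999 or saturate at LONG_MAX; the overflow of `padded` is closed, but the result is no longer a bounded microsecond count. Clamping the copy length keeps both properties: `long n = end - p; if (n > (long)sizeof(padded) - 1) n = sizeof(padded) - 1;` followed by `MEMCPY(padded, p, char, n);` and the original `strtol(padded, NULL, 10)`. The guard also compares a signed pointer difference with a `size_t`, and it admits exactly six digits only because `sizeof` counts the terminating NUL, which deserves a one-line comment such as `/* sizeof includes the NUL: at most 6 digits are copied */`. On the context line, `isdigit( *end )` receives a plain `char`; casting to `unsigned char` avoids undefined behaviour for bytes above 0x7f. The body of rb_syck_mktime starts and ends outside this hunk, so how `usec` is consumed afterwards should be confirmed there.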