From a7b3a428501a855e3caee42474121fe8f387daf5 Mon Sep 17 00:00:00 2001 From: matz Date: Sun, 21 Dec 2003 15:38:01 +0000 Subject: * ext/syck/emitter.c (syck_emitter_write): str bigger than e->bufsize causes buffer overflow. [ruby-dev:22307] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@5239 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- ext/syck/emitter.c | 11 ++++++++++- ext/syck/rubyext.c | 4 ++-- 2 files changed, 12 insertions(+), 3 deletions(-) (limited to 'ext') diff --git a/ext/syck/emitter.c b/ext/syck/emitter.c index 1cc0ea5075..4dcc8b3fc5 100644 --- a/ext/syck/emitter.c +++ b/ext/syck/emitter.c @@ -232,9 +232,18 @@ syck_emitter_write( SyckEmitter *e, char *str, long len ) * Flush if at end of buffer */ at = e->marker - e->buffer; - if ( len + at > e->bufsize ) + if ( len + at >= e->bufsize ) { syck_emitter_flush( e, 0 ); + for (;;) { + long rest = e->bufsize - (e->marker - e->buffer); + if (len <= rest) break; + S_MEMCPY( e->marker, str, char, rest ); + e->marker += len; + str += rest; + len -= rest; + syck_emitter_flush( e, 0 ); + } } /* diff --git a/ext/syck/rubyext.c b/ext/syck/rubyext.c index 3722babc39..ecb39c344a 100644 --- a/ext/syck/rubyext.c +++ b/ext/syck/rubyext.c @@ -845,7 +845,7 @@ syck_loader_initialize( self ) { VALUE families; - rb_iv_set(self, "@families", rb_hash_new() ); + rb_iv_set(self, "@families", rb_hash_new() ); rb_iv_set(self, "@private_types", rb_hash_new() ); rb_iv_set(self, "@anchors", rb_hash_new() ); families = rb_iv_get(self, "@families"); @@ -853,7 +853,7 @@ syck_loader_initialize( self ) rb_hash_aset(families, rb_str_new2( YAML_DOMAIN ), rb_hash_new()); rb_hash_aset(families, rb_str_new2( RUBY_DOMAIN ), rb_hash_new()); - return self; + return self; } /* -- cgit v1.2.3