From e3a69233e6563e6c95ccdc1040afa00db7b795e9 Mon Sep 17 00:00:00 2001
From: shyouhei
Date: Fri, 6 May 2011 06:19:17 +0000
Subject: * ext/syck/rubyext.c (mktime_do): avoid buffer overrun, by silently ignoring lesser significant digits. Required buffer length can be computable so you might at first think of allocating enough memory space on the fly using alloca(). That is a wrong idea because when using alloca there is always risk of integer overflow. A function that accepts outer-process resources like this should not blindly trust its inputs. In this particular case we just want to generate miliseconds resolution by strtod() so the string in question needs no more length than what we originally have. Ignoring lesser significant digits should suffice I believe.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31443 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 ext/syck/rubyext.c | 6 ------
 1 file changed, 6 deletions(-)
(limited to 'ext')
diff --git a/ext/syck/rubyext.c b/ext/syck/rubyext.c
index b7ab817002..970b64ed05 100644
--- a/ext/syck/rubyext.c
+++ b/ext/syck/rubyext.c
@@ -281,12 +281,6 @@ mktime_do(VALUE varg)
 while ( isdigit( *end ) ) end++;
 length = (int)(end - begin) <= padding ? (int)(end - begin) : padding;
 MEMCPY(padded, begin, char, length);
- length = (int)(end - begin);
- if (length > padding) {
- length = length - padding;
- MEMCPY(padded + offset, begin + padding, char, length);
- }
-
 usec = strtod(padded, NULL);
 }
 else
--
cgit v1.2.3