From d4bbc2d776878492ef9cf911bca8c43ac0a9b1e5 Mon Sep 17 00:00:00 2001
From: nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Thu, 6 Feb 2014 11:49:14 +0000
Subject: gc.c: check numeric string

* gc.c (get_envparam_int, get_envparam_double): check invalid string
  as numeric.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@44865 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 gc.c | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

(limited to 'gc.c')

diff --git a/gc.c b/gc.c
index 20f57132e5..d5d49f0bd4 100644
--- a/gc.c
+++ b/gc.c
@@ -5652,7 +5652,19 @@ get_envparam_int(const char *name, unsigned int *default_value, int lower_bound)
     int val;
 
     if (ptr != NULL) {
-	val = atoi(ptr);
+	char *end;
+	long lval = strtol(ptr, &end, 10);
+	if (!*ptr || *end) {
+	    if (RTEST(ruby_verbose)) fprintf(stderr, "invalid string for %s: %s\n", name, ptr);
+	    return 0;
+	}
+# if LONG_MAX > INT_MAX
+	if (lval < INT_MIN || INT_MAX < lval) {
+	    if (RTEST(ruby_verbose)) fprintf(stderr, "integer overflow for %s: %ld\n", name, lval);
+	    return 0;
+	}
+# endif
+	val = (int)lval;
 	if (val > lower_bound) {
 	    if (RTEST(ruby_verbose)) fprintf(stderr, "%s=%d (default value: %d)\n", name, val, *default_value);
 	    *default_value = val;
@@ -5672,7 +5684,12 @@ get_envparam_double(const char *name, double *default_value, double lower_bound)
     double val;
 
     if (ptr != NULL) {
-	val = strtod(ptr, NULL);
+	char *end;
+	val = strtod(ptr, &end);
+	if (!*ptr || *end) {
+	    if (RTEST(ruby_verbose)) fprintf(stderr, "invalid string for %s: %s\n", name, ptr);
+	    return 0;
+	}
 	if (val > lower_bound) {
 	    if (RTEST(ruby_verbose)) fprintf(stderr, "%s=%f (%f)\n", name, val, *default_value);
 	    *default_value = val;
-- 
cgit v1.2.3