From 5b7e24d744340345c11578911e3f1fa4ab0fb9cc Mon Sep 17 00:00:00 2001
From: matz
Date: Tue, 19 Jul 2005 08:25:39 +0000
Subject: * io.c (rb_io_inspect): replace sprintf() with "%s" format all over the place by snprintf() to avoid integer overflow. * sample/svr.rb: service can be stopped by ill-behaved client; use tsvr.rb instead.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@8799 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 object.c | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)
(limited to 'object.c')
diff --git a/object.c b/object.c
index b250b52888..27af5b33e3 100644
--- a/object.c
+++ b/object.c
@@ -354,10 +354,12 @@ rb_any_to_s(obj)
 VALUE obj;
 {
 char *cname = rb_obj_classname(obj);
+ size_t len;
 VALUE str;
- str = rb_str_new(0, strlen(cname)+6+16+1); /* 6:tags 16:addr 1:nul */
- sprintf(RSTRING(str)->ptr, "#<%s:0x%lx>", cname, obj);
+ len = strlen(cname)+6+16+1;
+ str = rb_str_new(0, len); /* 6:tags 16:addr 1:nul */
+ snprintf(RSTRING(str)->ptr, len, "#<%s:0x%lx>", cname, obj);
 RSTRING(str)->len = strlen(RSTRING(str)->ptr);
 if (OBJ_TAINTED(obj)) OBJ_TAINT(str);
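Review bot: The return value of the new `snprintf()` call in rb_any_to_s is discarded, so a result that did not fit in `len` bytes would be accepted silently, and the length is then recovered with a second `strlen()` pass over the buffer. Now that the bound is explicit, the call can report truncation itself: `n = snprintf(RSTRING(str)->ptr, len, "#<%s:0x%lx>", cname, obj);` followed by `if (n < 0 || (size_t)n >= len)` treated as an internal error, and `RSTRING(str)->len = n;` otherwise (with `int n;` declared next to `len`). The same applies to both `snprintf()` calls added to rb_obj_inspect in the next hunk. The body of rb_any_to_s starts and ends outside this hunk.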
@@ -433,17 +435,20 @@ rb_obj_inspect(obj)
 && ROBJECT(obj)->iv_tbl
 && ROBJECT(obj)->iv_tbl->num_entries > 0) {
 VALUE str;
+ size_t len;
 char *c;
 c = rb_obj_classname(obj);
 if (rb_inspecting_p(obj)) {
- str = rb_str_new(0, strlen(c)+10+16+1); /* 10:tags 16:addr 1:nul */
- sprintf(RSTRING(str)->ptr, "#<%s:0x%lx ...>", c, obj);
+ len = strlen(c)+10+16+1;
+ str = rb_str_new(0, len); /* 10:tags 16:addr 1:nul */
+ snprintf(RSTRING(str)->ptr, len, "#<%s:0x%lx ...>", c, obj);
 RSTRING(str)->len = strlen(RSTRING(str)->ptr);
 return str;
 }
- str = rb_str_new(0, strlen(c)+6+16+1); /* 6:tags 16:addr 1:nul */
- sprintf(RSTRING(str)->ptr, "-<%s:0x%lx", c, obj);
+ len = strlen(c)+6+16+1;
+ str = rb_str_new(0, len); /* 6:tags 16:addr 1:nul */
+ snprintf(RSTRING(str)->ptr, len, "-<%s:0x%lx", c, obj);
 RSTRING(str)->len = strlen(RSTRING(str)->ptr);
 return rb_protect_inspect(inspect_obj, obj, str);
 }
-- cgit v1.2.3
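Review bot: The `16:addr` term in both `len` computations in rb_obj_inspect hard-codes the assumption that `%lx` never prints more than 16 hex digits for `obj`, and nothing in the code records it. With the bounded `snprintf()` a wider value would now be cut short instead of overrunning the buffer, but the size and the format can still drift apart unnoticed. The explanatory comments also stayed on the `rb_str_new()` lines while the arithmetic they describe moved to the `len =` lines. I would move each comment next to the sum and state the assumption, e.g. `len = strlen(c)+10+16+1; /* 10:tags 16:addr (long <= 64 bits) 1:nul */`, or derive the width as `sizeof(long)*2`. The enclosing `if` statement begins before this hunk.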