diff options
| author | shyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2011-05-06 06:19:17 +0000 |
|---|---|---|
| committer | shyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2011-05-06 06:19:17 +0000 |
| commit | e3a69233e6563e6c95ccdc1040afa00db7b795e9 (patch) | |
| tree | 2b31f4d497f14154f0a57c9b4536ad5d9b89e80c | |
| parent | be237a9d8fad158f7cd0fd58b25eaf5884ab1664 (diff) | |
* ext/syck/rubyext.c (mktime_do): avoid buffer overrun, by
silently ignoring lesser significant digits. Required buffer
length can be computable so you might at first think of
allocating enough memory space on the fly using alloca(). That
is a wrong idea because when using alloca there is always risk
of integer overflow. A function that accepts outer-process
resources like this should not blindly trust its inputs. In
this particular case we just want to generate miliseconds
resolution by strtod() so the string in question needs no more
length than what we originally have. Ignoring lesser
significant digits should suffice I believe.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31443 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| -rw-r--r-- | ChangeLog | 14 | ||||
| -rw-r--r-- | ext/syck/rubyext.c | 6 |
2 files changed, 14 insertions, 6 deletions
@@ -1,3 +1,17 @@ +Fri May 6 15:01:11 2011 URABE Shyouhei <[email protected]> + + * ext/syck/rubyext.c (mktime_do): avoid buffer overrun, by + silently ignoring lesser significant digits. Required buffer + length can be computable so you might at first think of + allocating enough memory space on the fly using alloca(). That + is a wrong idea because when using alloca there is always risk + of integer overflow. A function that accepts outer-process + resources like this should not blindly trust its inputs. In + this particular case we just want to generate miliseconds + resolution by strtod() so the string in question needs no more + length than what we originally have. Ignoring lesser + significant digits should suffice I believe. + Fri May 6 14:25:53 2011 Tinco Andringa <[email protected]> * ext/syck/rubyext.c (mktime_do): YAML.load time correctly parse diff --git a/ext/syck/rubyext.c b/ext/syck/rubyext.c index b7ab817002..970b64ed05 100644 --- a/ext/syck/rubyext.c +++ b/ext/syck/rubyext.c @@ -281,12 +281,6 @@ mktime_do(VALUE varg) while ( isdigit( *end ) ) end++; length = (int)(end - begin) <= padding ? (int)(end - begin) : padding; MEMCPY(padded, begin, char, length); - length = (int)(end - begin); - if (length > padding) { - length = length - padding; - MEMCPY(padded + offset, begin + padding, char, length); - } - usec = strtod(padded, NULL); } else |