* compile.c (ibf_load_setup): check tainted string argument.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53187 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
author: ko1 <ko1@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2015-12-18 07:51:58 +0000
committer: ko1 <ko1@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2015-12-18 07:51:58 +0000
commit: dd5fd65eef79637a951a766f5488724c87937c41 (patch)
tree: a2862a20cbe7d66b54652e2d07cc146a99507e95
parent: f64238e777722861bd504c81dccc9fedb2d81be4 (diff)
download: ruby-dd5fd65eef79637a951a766f5488724c87937c41.tar.gz
2 files changed, 6 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 1038a6acdf..aa9a2aaab8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+Fri Dec 18 16:50:35 2015  Koichi Sasada  <ko1@atdot.net>
+
+	* compile.c (ibf_load_setup): check tainted string argument.
+
 Fri Dec 18 16:12:13 2015  Koichi Sasada  <ko1@atdot.net>
 
 	* vm_core.h: define USE_LAZY_LOAD if it is not defined.
diff --git a/compile.c b/compile.c
index 995ff8930c..f858fbb681 100644
--- a/compile.c
+++ b/compile.c
@@ -8203,6 +8203,8 @@ ibf_load_iseq(const struct ibf_load *load, const rb_iseq_t *index_iseq)
 static void
 ibf_load_setup(struct ibf_load *load, VALUE loader_obj, VALUE str)
 {
+    rb_check_safe_obj(str);
+
     if (RSTRING_LENINT(str) < (int)sizeof(struct ibf_header)) {
 	rb_raise(rb_eRuntimeError, "broken binary format");
     }
author	ko1 <ko1@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2015-12-18 07:51:58 +0000
committer	ko1 <ko1@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2015-12-18 07:51:58 +0000
commit	dd5fd65eef79637a951a766f5488724c87937c41 (patch)
tree	a2862a20cbe7d66b54652e2d07cc146a99507e95
parent	f64238e777722861bd504c81dccc9fedb2d81be4 (diff)
download	ruby-dd5fd65eef79637a951a766f5488724c87937c41.tar.gz