object.c: fix potential oob write in rb_str_to_dbl()

Ensure space for the terminating NUL byte. Note that this code path is reachable only when Ruby is compiled with SHARABLE_MIDDLE_SUBSTRING=1. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59714 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
author: rhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2017-09-01 08:16:38 +0000
committer: rhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2017-09-01 08:16:38 +0000
commit: fc188f1646f3a925f0d5935d92f6a0131323413e (patch)
tree: 32f0d7685c7c133e362eebbba6e8b227ea3e41ad /object.c
parent: 99d64640c4d2f20aabe6115f95dab1a63d6f143f (diff)
download: ruby-fc188f1646f3a925f0d5935d92f6a0131323413e.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/object.c b/object.c
index 378eb3a04e..0f91a1b43e 100644
--- a/object.c
+++ b/object.c
@@ -3302,7 +3302,7 @@ rb_str_to_dbl(VALUE str, int badcheck)
 	    rb_raise(rb_eArgError, "string for Float contains null byte");
 	}
 	if (s[len]) {		/* no sentinel somehow */
-	    char *p =  ALLOCV(v, len);
+	    char *p = ALLOCV(v, (size_t)len + 1);
 	    MEMCPY(p, s, char, len);
 	    p[len] = '\0';
 	    s = p;
author	rhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2017-09-01 08:16:38 +0000
committer	rhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2017-09-01 08:16:38 +0000
commit	fc188f1646f3a925f0d5935d92f6a0131323413e (patch)
tree	32f0d7685c7c133e362eebbba6e8b227ea3e41ad /object.c
parent	99d64640c4d2f20aabe6115f95dab1a63d6f143f (diff)
download	ruby-fc188f1646f3a925f0d5935d92f6a0131323413e.tar.gz