diff options
author | nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2015-12-13 09:33:40 +0000 |
---|---|---|
committer | nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2015-12-13 09:33:40 +0000 |
commit | d10d5a974d81628605cf4d69b9e1a9b13fd43651 (patch) | |
tree | 440ede7e1c0b7220160995858d84112dbe578844 /pack.c | |
parent | db48c307944a9a18877236bdf9e9b778875f38ed (diff) | |
download | ruby-d10d5a974d81628605cf4d69b9e1a9b13fd43651.tar.gz |
pack.c: check index range
* pack.c (pack_pack): always check index range against the
receiver array length, which can be shortened by elements
conversion. reported by Marcin 'Icewall' Noga of Cisco Talos.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53080 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'pack.c')
-rw-r--r-- | pack.c | 10 |
1 files changed, 5 insertions, 5 deletions
@@ -361,7 +361,7 @@ pack_pack(VALUE ary, VALUE fmt) const char *p, *pend; VALUE res, from, associates = 0; char type; - long items, len, idx, plen; + long len, idx, plen; const char *ptr; int enc_info = 1; /* 0 - BINARY, 1 - US-ASCII, 2 - UTF-8 */ #ifdef NATINT_PACK @@ -374,12 +374,12 @@ pack_pack(VALUE ary, VALUE fmt) pend = p + RSTRING_LEN(fmt); res = rb_str_buf_new(0); - items = RARRAY_LEN(ary); idx = 0; #define TOO_FEW (rb_raise(rb_eArgError, toofew), 0) -#define THISFROM (items > 0 ? RARRAY_AREF(ary, idx) : TOO_FEW) -#define NEXTFROM (items-- > 0 ? RARRAY_AREF(ary, idx++) : TOO_FEW) +#define MORE_ITEM (idx < RARRAY_LEN(ary)) +#define THISFROM (MORE_ITEM ? RARRAY_AREF(ary, idx) : TOO_FEW) +#define NEXTFROM (MORE_ITEM ? RARRAY_AREF(ary, idx++) : TOO_FEW) while (p < pend) { int explicit_endian = 0; @@ -431,7 +431,7 @@ pack_pack(VALUE ary, VALUE fmt) if (*p == '*') { /* set data length */ len = strchr("@Xxu", type) ? 0 : strchr("PMm", type) ? 1 - : items; + : RARRAY_LEN(ary) - idx; p++; } else if (ISDIGIT(*p)) { |