From 238394e7384d68627b1faa9a45c95517e9ea47e3 Mon Sep 17 00:00:00 2001
From: nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Fri, 29 May 2015 05:39:03 +0000
Subject: parse.y: check NTH_REF range

* compile.c (iseq_compile_each): out of range NTH_REF is always
  nil.
* parse.y (parse_numvar): check overflow of NTH_REF and range.
  [ruby-core:69393] [Bug #11192]
* util.c (ruby_scan_digits): make public and add length parameter.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@50671 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 util.c | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)

(limited to 'util.c')

diff --git a/util.c b/util.c
index 807f43f29e..0319fb5b49 100644
--- a/util.c
+++ b/util.c
@@ -76,21 +76,25 @@ const signed char ruby_digit36_to_number_table[] = {
     /*f*/ -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
 };
 
-static unsigned long
-scan_digits(const char *str, int base, size_t *retlen, int *overflow)
+unsigned long
+ruby_scan_digits(const char *str, ssize_t len, int base, size_t *retlen, int *overflow)
 {
 
     const char *start = str;
     unsigned long ret = 0, x;
     unsigned long mul_overflow = (~(unsigned long)0) / base;
-    int c;
+
     *overflow = 0;
 
-    while ((c = (unsigned char)*str++) != '\0') {
-        int d = ruby_digit36_to_number_table[c];
+    if (!len) {
+	*retlen = 0;
+	return 0;
+    }
+
+    do {
+	int d = ruby_digit36_to_number_table[(unsigned char)*str++];
         if (d == -1 || base <= d) {
-            *retlen = (str-1) - start;
-            return ret;
+	    break;
         }
         if (mul_overflow < ret)
             *overflow = 1;
@@ -99,7 +103,7 @@ scan_digits(const char *str, int base, size_t *retlen, int *overflow)
         ret += d;
         if (ret < x)
             *overflow = 1;
-    }
+    } while (len < 0 || --len);
     *retlen = (str-1) - start;
     return ret;
 }
@@ -151,7 +155,7 @@ ruby_strtoul(const char *str, char **endptr, int base)
         b = base == 0 ? 10 : base;
     }
 
-    ret = scan_digits(str, b, &len, &overflow);
+    ret = ruby_scan_digits(str, -1, b, &len, &overflow);
 
     if (0 < len)
         subject_found = str+len;
-- 
cgit v1.2.1