Fix a wrong buffer size to avoid stack corruption

[Bug #15986]
author: Takashi Kokubun <takashikkbn@gmail.com> 2019-07-14 21:48:22 +0900
committer: Takashi Kokubun <takashikkbn@gmail.com> 2019-07-14 21:48:45 +0900
commit: d8cc41c43be65dd4b17e7a6e38f5a7fdf2b247d6 (patch)
tree: 4223db376fb3d03da6fb37b27bb9e80a4ad99f14
parent: 20a3fb3c4b7c564ee7809ac1ed036b4874e47e26 (diff)
download: ruby-d8cc41c43be65dd4b17e7a6e38f5a7fdf2b247d6.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/mjit_worker.c b/mjit_worker.c
index 9f8a5f0bbd..44123e28e1 100644
--- a/mjit_worker.c
+++ b/mjit_worker.c
@@ -1049,8 +1049,8 @@ convert_unit_to_func(struct rb_mjit_unit *unit)
     if (FIXNUM_P(unit->iseq->body->location.first_lineno))
         // FIX2INT may fallback to rb_num2long(), which is a method call and dangerous in MJIT worker. So using only FIX2LONG.
         iseq_lineno = FIX2LONG(unit->iseq->body->location.first_lineno);
-    char *iseq_label = alloca(RSTRING_LEN(unit->iseq->body->location.label));
-    char *iseq_path  = alloca(RSTRING_LEN(rb_iseq_path(unit->iseq)));
+    char *iseq_label = alloca(RSTRING_LEN(unit->iseq->body->location.label) + 1);
+    char *iseq_path  = alloca(RSTRING_LEN(rb_iseq_path(unit->iseq)) + 1);
     strcpy(iseq_label, RSTRING_PTR(unit->iseq->body->location.label));
     strcpy(iseq_path,  RSTRING_PTR(rb_iseq_path(unit->iseq)));
author	Takashi Kokubun <takashikkbn@gmail.com>	2019-07-14 21:48:22 +0900
committer	Takashi Kokubun <takashikkbn@gmail.com>	2019-07-14 21:48:45 +0900
commit	d8cc41c43be65dd4b17e7a6e38f5a7fdf2b247d6 (patch)
tree	4223db376fb3d03da6fb37b27bb9e80a4ad99f14
parent	20a3fb3c4b7c564ee7809ac1ed036b4874e47e26 (diff)
download	ruby-d8cc41c43be65dd4b17e7a6e38f5a7fdf2b247d6.tar.gz