diff options
| -rw-r--r-- | ChangeLog | 9 | ||||
| -rw-r--r-- | marshal.c | 4 | ||||
| -rw-r--r-- | test/ruby/test_marshal.rb | 20 | ||||
| -rw-r--r-- | version.h | 2 |
4 files changed, 32 insertions, 3 deletions
@@ -1,3 +1,12 @@ +Sun Jun 8 01:45:27 2008 Nobuyoshi Nakada <nobu@ruby-lang.org> + + * marshal.c (r_bytes0): refined length check. [ruby-dev:32059] + +Sun Jun 8 01:45:27 2008 Nobuyoshi Nakada <nobu@ruby-lang.org> + + * marshal.c (r_bytes0): check if source has enough data. + [ruby-dev:32054] + Sun Jun 8 01:37:58 2008 Tanaka Akira <akr@fsij.org> * ext/socket/socket.c (s_accept_nonblock): make accepted fd @@ -468,7 +468,7 @@ w_object(obj, arg, limit) return; } - if (ivtbl = rb_generic_ivar_table(obj)) { + if ((ivtbl = rb_generic_ivar_table(obj)) != 0) { w_byte(TYPE_IVAR, arg); } if (obj == Qnil) { @@ -873,7 +873,7 @@ r_bytes0(len, arg) if (len == 0) return rb_str_new(0, 0); if (TYPE(arg->src) == T_STRING) { - if (RSTRING(arg->src)->len > arg->offset) { + if (RSTRING(arg->src)->len - arg->offset >= len) { str = rb_str_new(RSTRING(arg->src)->ptr+arg->offset, len); arg->offset += len; } diff --git a/test/ruby/test_marshal.rb b/test/ruby/test_marshal.rb index 9c9fd9470b..11f3583076 100644 --- a/test/ruby/test_marshal.rb +++ b/test/ruby/test_marshal.rb @@ -45,4 +45,24 @@ class TestMarshal < Test::Unit::TestCase assert_equal(a, b) } end + + class C + def initialize(str) + @str = str + end + def _dump(limit) + @str + end + def self._load(s) + new(s) + end + end + + def test_too_long_string + (data = Marshal.dump(C.new("a")))[-2, 1] = "\003\377\377\377" + e = assert_raise(ArgumentError, "[ruby-dev:32054]") { + Marshal.load(data) + } + assert_equal("marshal data too short", e.message) + end end @@ -2,7 +2,7 @@ #define RUBY_RELEASE_DATE "2008-06-08" #define RUBY_VERSION_CODE 185 #define RUBY_RELEASE_CODE 20080608 -#define RUBY_PATCHLEVEL 135 +#define RUBY_PATCHLEVEL 136 #define RUBY_VERSION_MAJOR 1 #define RUBY_VERSION_MINOR 8 |