Prevent splicing big recursive arrrays; ref #3679

We know this is not perfect, but this change makes hack like #3679 bit harder. Harmless for useful cases.

Prevent splicing big recursive arrrays; ref #3679
We know this is not perfect, but this change makes hack like #3679 bit harder. Harmless for useful cases.
2837de95 · Yukihiro "Matz" Matsumoto · b4a4e3c0 · 2837de95
Commit 2837de95 authored May 31, 2017 by Yukihiro "Matz" Matsumoto
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 1 deletion

src/array.c src/array.c +6 -1

No files found.
--- a/src/array.c
+++ b/src/array.c
@@ -620,7 +620,12 @@ mrb_ary_splice(mrb_state *mrb, mrb_value ary, mrb_int head, mrb_int len, mrb_val
    argc = RARRAY_LEN(rpl);
    argv = RARRAY_PTR(rpl);
    if (argv == a->ptr) {
-      struct RArray *r = ary_dup(mrb, a);
+      struct RArray *r;
+      if (argc > 32767) {
+        mrb_raise(mrb, E_ARGUMENT_ERROR, "too big recursive splice");
+      }
+      r = ary_dup(mrb, a);
      argv = r->ptr;
    }
  }