Skip to content

M
mruby
Commit 74837530 authored by Yukihiro "Matz" Matsumoto's avatar Yukihiro "Matz" Matsumoto
Browse files
Options

Check negative offset in `pack` method; fix #3944

parent c5ec37a8
Hide whitespace changes
Inline Side-by-side
Showing with 6 additions and 1 deletion
mrbgems/mruby-pack/src/pack.c
View file @ 74837530
...@@ -107,6 +107,9 @@ static mrb_value ...@@ -107,6 +107,9 @@ static mrb_value
str_len_ensure(mrb_state *mrb, mrb_value str, mrb_int len) str_len_ensure(mrb_state *mrb, mrb_value str, mrb_int len)
{ {
mrb_int n = RSTRING_LEN(str); mrb_int n = RSTRING_LEN(str);
if (len < 0) {
mrb_raise(mrb, E_RANGE_ERROR, "negative (or overflowed) integer");
}
if (len > n) { if (len > n) {
do { do {
n *= 2; n *= 2;
...@@ -840,7 +843,6 @@ pack_x(mrb_state *mrb, mrb_value src, mrb_value dst, mrb_int didx, long count, u ...@@ -840,7 +843,6 @@ pack_x(mrb_state *mrb, mrb_value src, mrb_value dst, mrb_int didx, long count, u
} }
return count; return count;
} }
static int static int
unpack_x(mrb_state *mrb, const void *src, int slen, mrb_value ary, int count, unsigned int flags) unpack_x(mrb_state *mrb, const void *src, int slen, mrb_value ary, int count, unsigned int flags)
{ {
...@@ -1176,6 +1178,9 @@ mrb_pack_pack(mrb_state *mrb, mrb_value ary) ...@@ -1176,6 +1178,9 @@ mrb_pack_pack(mrb_state *mrb, mrb_value ary)
count--; count--;
} }
} }
if (ridx < 0) {
mrb_raise(mrb, E_RANGE_ERROR, "negative (or overflowed) template size");
}
} }
mrb_str_resize(mrb, result, ridx); mrb_str_resize(mrb, result, ridx);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment