Commit 7ccc6fa2 authored by Yukihiro "Matz" Matsumoto's avatar Yukihiro "Matz" Matsumoto

Merge pull request #460 from iij/pr-nul-in-string

compiler may generate broken binary if string literal has NUL characters
parents 1b882609 ebf88eec
...@@ -332,7 +332,7 @@ write_pool_block(mrb_state *mrb, mrb_irep *irep, char *buf, int type) ...@@ -332,7 +332,7 @@ write_pool_block(mrb_state *mrb, mrb_irep *irep, char *buf, int type)
char *buf_top = buf; char *buf_top = buf;
char *char_buf; char *char_buf;
uint16_t buf_size =0; uint16_t buf_size =0;
int len; uint16_t len =0;
buf_size = MRB_DUMP_DEFAULT_STR_LEN; buf_size = MRB_DUMP_DEFAULT_STR_LEN;
if ((char_buf = (char *)mrb_malloc(mrb, buf_size)) == 0) if ((char_buf = (char *)mrb_malloc(mrb, buf_size)) == 0)
...@@ -341,25 +341,23 @@ write_pool_block(mrb_state *mrb, mrb_irep *irep, char *buf, int type) ...@@ -341,25 +341,23 @@ write_pool_block(mrb_state *mrb, mrb_irep *irep, char *buf, int type)
buf += uint32_dump((uint32_t)irep->plen, buf, type); /* number of pool */ buf += uint32_dump((uint32_t)irep->plen, buf, type); /* number of pool */
for (pool_no = 0; pool_no < irep->plen; pool_no++) { for (pool_no = 0; pool_no < irep->plen; pool_no++) {
uint16_t nlen =0;
buf += uint8_dump(mrb_type(irep->pool[pool_no]), buf, type); /* data type */ buf += uint8_dump(mrb_type(irep->pool[pool_no]), buf, type); /* data type */
memset(char_buf, 0, buf_size); memset(char_buf, 0, buf_size);
switch (mrb_type(irep->pool[pool_no])) { switch (mrb_type(irep->pool[pool_no])) {
case MRB_TT_FIXNUM: case MRB_TT_FIXNUM:
sprintf(char_buf, "%d", mrb_fixnum(irep->pool[pool_no])); len = sprintf(char_buf, "%d", mrb_fixnum(irep->pool[pool_no]));
break; break;
case MRB_TT_FLOAT: case MRB_TT_FLOAT:
sprintf(char_buf, "%.16e", mrb_float(irep->pool[pool_no])); len = sprintf(char_buf, "%.16e", mrb_float(irep->pool[pool_no]));
break; break;
case MRB_TT_STRING: case MRB_TT_STRING:
str = mrb_string_value( mrb, &irep->pool[pool_no]); str = mrb_string_value( mrb, &irep->pool[pool_no]);
nlen = str_dump_len(RSTRING_PTR(str), RSTRING_LEN(str), type); len = str_dump_len(RSTRING_PTR(str), RSTRING_LEN(str), type);
if ( nlen > buf_size - 1) { if ( len > buf_size - 1) {
buf_size = nlen + 1; buf_size = len + 1;
if ((char_buf = (char *)mrb_realloc(mrb, char_buf, buf_size)) == 0) if ((char_buf = (char *)mrb_realloc(mrb, char_buf, buf_size)) == 0)
goto error_exit; goto error_exit;
memset(char_buf, 0, buf_size); memset(char_buf, 0, buf_size);
...@@ -370,9 +368,9 @@ write_pool_block(mrb_state *mrb, mrb_irep *irep, char *buf, int type) ...@@ -370,9 +368,9 @@ write_pool_block(mrb_state *mrb, mrb_irep *irep, char *buf, int type)
#ifdef ENABLE_REGEXP #ifdef ENABLE_REGEXP
case MRB_TT_REGEX: case MRB_TT_REGEX:
str = mrb_reg_to_s(mrb, irep->pool[pool_no]); str = mrb_reg_to_s(mrb, irep->pool[pool_no]);
nlen = str_dump_len(RSTRING_PTR(str), RSTRING_LEN(str), type); len = str_dump_len(RSTRING_PTR(str), RSTRING_LEN(str), type);
if ( nlen > buf_size - 1) { if ( len > buf_size - 1) {
buf_size = nlen + 1; buf_size = len + 1;
if ((char_buf = mrb_realloc(mrb, char_buf, buf_size)) == 0) if ((char_buf = mrb_realloc(mrb, char_buf, buf_size)) == 0)
goto error_exit; goto error_exit;
memset(char_buf, 0, buf_size); memset(char_buf, 0, buf_size);
...@@ -386,9 +384,7 @@ write_pool_block(mrb_state *mrb, mrb_irep *irep, char *buf, int type) ...@@ -386,9 +384,7 @@ write_pool_block(mrb_state *mrb, mrb_irep *irep, char *buf, int type)
continue; continue;
} }
len = strlen(char_buf); buf += uint16_dump(len, buf, type); /* data length */
buf += uint16_dump((uint16_t)len, buf, type); /* data length */
memcpy(buf, char_buf, len); memcpy(buf, char_buf, len);
buf += len; buf += len;
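Review bot: The switch to `uint16_t len` in write_pool_block leaves the resize path open to 16-bit wraparound: in the MRB_TT_STRING and MRB_TT_REGEX cases, when `len` is 65535 the assignment `buf_size = len + 1` stores 0 in the `uint16_t buf_size`, so `char_buf` is reallocated to zero bytes while the final `memcpy(buf, char_buf, len)` still copies `len` bytes out of it. If `str_dump_len` returns a type wider than 16 bits (its declaration is not visible here), longer literals are also silently truncated on assignment, so the length written by `uint16_dump` no longer matches the data. I would take the result into a wider local and reject oversized entries before narrowing, for example `size_t n = str_dump_len(RSTRING_PTR(str), RSTRING_LEN(str), type);`, then `if (n >= UINT16_MAX) goto error_exit;` and `len = (uint16_t)n;`. The function starts and ends outside these hunks, so the code that fills `char_buf` and the `error_exit` cleanup should be checked against the same limit.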
......