- 19 Nov, 2018 14 commits
-
-
Yukihiro "Matz" Matsumoto authored
-
Yukihiro "Matz" Matsumoto authored
-
Yukihiro "Matz" Matsumoto authored
-
Yukihiro "Matz" Matsumoto authored
-
Yukihiro "Matz" Matsumoto authored
-
Yukihiro "Matz" Matsumoto authored
-
Yukihiro "Matz" Matsumoto authored
Because `try_convert` method rarely used in production. For mruby users, we have `__to_str` utility method to check string type.
-
Yukihiro "Matz" Matsumoto authored
We have added internal convenience method `__to_str` which does string type check. The issue #3854 was fixed but fundamental flaw of lack of stack depth check along with fibers still remains. Use `MRB_GC_FIXED_ARENA` for workaround.
-
Yukihiro "Matz" Matsumoto authored
The ISO standard does not include implicit type conversion using `to_int`. This implicit conversion often causes vulnerability. There will be no more attacks like #4120. In addition, we have added internal convenience method `__to_int` which does type check and conversion (from floats).
-
Yukihiro "Matz" Matsumoto authored
-
Yukihiro "Matz" Matsumoto authored
The issue #3920 was fixed but the fundamental flaw of lack of stack depth check along with fibers still remains, even though it's not easy to cause the issue. Use `MRB_GC_FIXED_ARENA` to avoid the issue for workaround. After this patch, `obj.to_enum` raises `ArgumentError` if the object does not respond to the enumerating method. This is incompatible to CRuby but I think this behavior is better and CRuby should be updated to behave like this.
-
Yukihiro "Matz" Matsumoto authored
-
Yukihiro "Matz" Matsumoto authored
-
Yukihiro "Matz" Matsumoto authored
-
- 15 Nov, 2018 9 commits
-
-
Yukihiro "Matz" Matsumoto authored
The GC may occur between `sg_shift` and `mrb_assoc_new`, in which case `key` and `value` could be freed even tough they are still alive. The issue is found and fixed by https://hackerone.com/hexodus
-
Yukihiro "Matz" Matsumoto authored
The saving `pc` position should be beginning of the instruction. But after `mruby 2.0` byte code modification, the `pc` variable points the beginning of the next instruction. We save the previous position in a local variable `pc0`.
-
Yukihiro "Matz" Matsumoto authored
Line number information in a compiled file was wrong.
-
Yukihiro "Matz" Matsumoto authored
-
Yukihiro "Matz" Matsumoto authored
-
Yukihiro "Matz" Matsumoto authored
-
Yukihiro "Matz" Matsumoto authored
-
Yukihiro "Matz" Matsumoto authored
This patch slightly reduce memory consumption (2% for my test).
-
Yukihiro "Matz" Matsumoto authored
-
- 14 Nov, 2018 2 commits
-
-
Yukihiro "Matz" Matsumoto authored
-
Yukihiro "Matz" Matsumoto authored
The issue is reported by `https://hackerone.com/dgaletic`.
-
- 07 Nov, 2018 2 commits
-
-
Yukihiro "Matz" Matsumoto authored
Wrong pool data length for negative floating value in a mrb file.
-
Hiroshi Mimaki authored
-
- 05 Nov, 2018 1 commit
-
-
Yukihiro "Matz" Matsumoto authored
-
- 04 Nov, 2018 1 commit
-
-
Yukihiro "Matz" Matsumoto authored
-
- 02 Nov, 2018 6 commits
-
-
Yukihiro "Matz" Matsumoto authored
It should be done by planned embedded symbols.
-
Yukihiro "Matz" Matsumoto authored
Reduce instruction size
-
Yukihiro "Matz" Matsumoto authored
Since our new VM instruction is byte based, there's no need to endian conversion of instruction sequences.
-
take-cheeze authored
-
take-cheeze authored
-
Yukihiro "Matz" Matsumoto authored
-
- 01 Nov, 2018 5 commits
-
-
Yukihiro "Matz" Matsumoto authored
-
Yukihiro "Matz" Matsumoto authored
-
Yukihiro "Matz" Matsumoto authored
-
Yukihiro "Matz" Matsumoto authored
-
Yukihiro "Matz" Matsumoto authored
By dffa203d that reclaim `env` objects from heaps, there's more chance for `env` objects referenced from fibers may be freed from heap pages.
-