diff options
author | matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2005-08-16 15:24:15 +0000 |
---|---|---|
committer | matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2005-08-16 15:24:15 +0000 |
commit | 17957e0dfca25957556bdccd3590be9b9dee5923 (patch) | |
tree | b85cb6965607683d81965135886dbff708911b3c | |
parent | e6a104131a39fd051c1a5ab7111dc67b266a1851 (diff) | |
download | ruby-17957e0dfca25957556bdccd3590be9b9dee5923.tar.gz |
* eval.c (rb_add_method): preserve safe level in the environment
where a method is defined .
* eval.c (rb_call0): restore preserved safe level in the method
execution.
* parse.y (lambda): need separate block variable stack
manipulation and lpar_beg maintenance. based on a patch found
in [ruby-core:05551] from Mauricio Fernandez <mfp@acm.org>.
* parse.y (parser_yylex): adjust lpar_beg after tLAMBEG and
kDO_LAMBDA. [ruby-core:05551]
* parse.y (yycompile): remove unreachable code. [yarv-dev:570]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@8994 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | ChangeLog | 20 | ||||
-rw-r--r-- | eval.c | 45 | ||||
-rw-r--r-- | parse.y | 37 |
3 files changed, 59 insertions, 43 deletions
@@ -1,3 +1,18 @@ +Wed Aug 17 00:05:46 2005 Yukihiro Matsumoto <matz@ruby-lang.org> + + * eval.c (rb_add_method): preserve safe level in the environment + where a method is defined . + + * eval.c (rb_call0): restore preserved safe level in the method + execution. + + * parse.y (lambda): need separate block variable stack + manipulation and lpar_beg maintenance. based on a patch found + in [ruby-core:05551] from Mauricio Fernandez <mfp@acm.org>. + + * parse.y (parser_yylex): adjust lpar_beg after tLAMBEG and + kDO_LAMBDA. [ruby-core:05551] + Mon Aug 15 07:24:38 2005 Nobuyoshi Nakada <nobu@ruby-lang.org> * intern.h (rb_check_to_integer): add declaration. @@ -11,6 +26,10 @@ Mon Aug 15 00:38:51 2005 Nobuyoshi Nakada <nobu@ruby-lang.org> * range.c (range_check, range_init): reduce uselse exceptions. +Mon Aug 15 00:34:11 2005 Yukihiro Matsumoto <matz@ruby-lang.org> + + * parse.y (yycompile): remove unreachable code. [yarv-dev:570] + Sat Aug 13 22:16:12 2005 Minero Aoki <aamine@loveruby.net> * lib/fileutils.rb (remove_entry_secure): forgot final chdir. @@ -28,6 +47,7 @@ Sat Aug 13 21:11:05 2005 Masaki Suketa <masaki.suketa@nifty.ne.jp> * ext/win32ole/tests/testOLEVARIANT.rb: ditto. +>>>>>>> 1.4488 Sat Aug 13 18:51:26 2005 Nobuyoshi Nakada <nobu@ruby-lang.org> * eval.c (rb_block_pass): distinguish current block from others. @@ -377,6 +377,9 @@ static ID init, eqq, each, aref, aset, match, missing; static ID added, singleton_added; static ID __id__, __send__, respond_to; +#define NOEX_WITH_SAFE(n) ((n) | ruby_safe_level << 4) +#define NOEX_SAFE(n) ((n) >> 4) + void rb_add_method(klass, mid, node, noex) VALUE klass; @@ -403,7 +406,7 @@ rb_add_method(klass, mid, node, noex) } if (OBJ_FROZEN(klass)) rb_error_frozen("class/module"); rb_clear_cache_by_id(mid); - body = NEW_METHOD(node, noex); + body = NEW_METHOD(node, NOEX_WITH_SAFE(noex)); st_insert(RCLASS(klass)->m_tbl, mid, (st_data_t)body); if (node && mid != ID_ALLOCATOR && ruby_running) { if (FL_TEST(klass, FL_SINGLETON)) { @@ -5796,20 +5799,21 @@ formal_assign(recv, node, argc, argv, local_vars) } static VALUE -rb_call0(klass, recv, id, oid, argc, argv, body, nosuper) +rb_call0(klass, recv, id, oid, argc, argv, body, flags) VALUE klass, recv; ID id; ID oid; int argc; /* OK */ VALUE *argv; /* OK */ NODE * volatile body; - int nosuper; + int flags; { NODE *b2; /* OK */ volatile VALUE result = Qnil; int itr; static int tick; volatile VALUE args; + volatile int safe = -1; TMP_PROTECT; switch (ruby_iter->iter) { @@ -5838,7 +5842,7 @@ rb_call0(klass, recv, id, oid, argc, argv, body, nosuper) PUSH_FRAME(); ruby_frame->callee = id; ruby_frame->this_func = oid; - ruby_frame->this_class = nosuper?0:klass; + ruby_frame->this_class = (flags & NOEX_NOSUPER)?0:klass; ruby_frame->self = recv; ruby_frame->argc = argc; @@ -5902,7 +5906,6 @@ rb_call0(klass, recv, id, oid, argc, argv, body, nosuper) NODE *saved_cref = 0; PUSH_SCOPE(); - if (body->nd_rval) { saved_cref = ruby_cref; ruby_cref = (NODE*)body->nd_rval; @@ -5923,7 +5926,10 @@ rb_call0(klass, recv, id, oid, argc, argv, body, nosuper) PUSH_VARS(); PUSH_TAG(PROT_FUNC); - + if (NOEX_SAFE(flags) > ruby_safe_level) { + safe = ruby_safe_level; + ruby_safe_level = NOEX_SAFE(flags); + } if ((state = EXEC_TAG()) == 0) { NODE *node = 0; @@ -5953,6 +5959,7 @@ rb_call0(klass, recv, id, oid, argc, argv, body, nosuper) POP_CLASS(); POP_SCOPE(); ruby_cref = saved_cref; + if (safe > 0) ruby_safe_level = safe; if (event_hooks) { EXEC_EVENT_HOOK(RUBY_EVENT_RETURN, body, recv, id, klass); } @@ -6035,7 +6042,7 @@ rb_call(klass, recv, mid, argc, argv, scope) } } - return rb_call0(klass, recv, mid, id, argc, argv, body, noex & NOEX_NOSUPER); + return rb_call0(klass, recv, mid, id, argc, argv, body, noex); } VALUE @@ -8825,10 +8832,9 @@ rb_block_pass(func, arg, proc) proc = b; } - if (ruby_safe_level >= 1 && OBJ_TAINTED(proc)) { - if (ruby_safe_level > proc_get_safe_level(proc)) { - rb_raise(rb_eSecurityError, "Insecure: tainted block value"); - } + if (ruby_safe_level >= 1 && OBJ_TAINTED(proc) && + ruby_safe_level > proc_get_safe_level(proc)) { + rb_raise(rb_eSecurityError, "Insecure: tainted block value"); } if (ruby_block && ruby_block->block_obj == proc) { @@ -8914,6 +8920,7 @@ struct METHOD { VALUE klass, rklass; VALUE recv; ID id, oid; + int safe_level; NODE *body; }; @@ -8961,6 +8968,7 @@ mnew(klass, obj, id, mklass) data->body = body; data->rklass = rklass; data->oid = oid; + data->safe_level = NOEX_WITH_SAFE(0); OBJ_INFECT(method, klass); return method; @@ -9189,26 +9197,15 @@ rb_method_call(argc, argv, method) { VALUE result = Qnil; /* OK */ struct METHOD *data; - int state; - volatile int safe = -1; Data_Get_Struct(method, struct METHOD, data); if (data->recv == Qundef) { rb_raise(rb_eTypeError, "can't call unbound method; bind first"); } PUSH_ITER(rb_block_given_p()?ITER_PRE:ITER_NOT); - PUSH_TAG(PROT_NONE); - if (OBJ_TAINTED(method)) { - safe = ruby_safe_level; - if (ruby_safe_level < 4) ruby_safe_level = 4; - } - if ((state = EXEC_TAG()) == 0) { - result = rb_call0(data->klass,data->recv,data->id,data->oid,argc,argv,data->body,0); - } - POP_TAG(); + result = rb_call0(data->klass,data->recv,data->id,data->oid,argc,argv,data->body, + data->safe_level); POP_ITER(); - if (safe >= 0) ruby_safe_level = safe; - if (state) JUMP_TAG(state); return result; } @@ -2606,8 +2606,7 @@ primary : literal $$ = dispatch2(iter_block, $1, $2); %*/ } - | tLAMBDA - lambda + | tLAMBDA lambda { $$ = $2; } @@ -3178,13 +3177,15 @@ bv_decl : tIDENTIFIER ; lambda : { - $<num>$ = lpar_beg; - lpar_beg = ++paren_nest; /*%%%*/ $<vars>$ = dyna_push(); /*% %*/ - } + } + { + $<num>$ = lpar_beg; + lpar_beg = ++paren_nest; + } f_larglist { $<vars>$ = ruby_dyna_vars; @@ -3192,11 +3193,12 @@ lambda : { lambda_body { /*%%%*/ - $$ = $2; - $$->nd_body = block_append($$->nd_body, $4); + $$ = $3; + $$->nd_body = block_append($$->nd_body, $5); dyna_pop($<vars>1); + lpar_beg = $<num>2; /*% - $$ = dispatch2(lambda, $2, $4); + $$ = dispatch2(lambda, $3, $5); %*/ } ; @@ -3219,15 +3221,11 @@ f_larglist : '(' f_args opt_bv_decl rparen } ; -lambda_body : tLAMBEG - compstmt - '}' +lambda_body : tLAMBEG compstmt '}' { $$ = $2; } - | kDO_LAMBDA - compstmt - kEND + | kDO_LAMBDA compstmt kEND { $$ = $2; } @@ -4360,7 +4358,6 @@ none : /* none */ } ; %% - # undef parser # undef yylex # undef yylval @@ -4568,10 +4565,6 @@ yycompile(parser, f, line) else { return ruby_eval_tree; } - - if (n == 0) node = ruby_eval_tree; - else ruby_eval_tree_begin = 0; - return node; } #endif /* !RIPPER */ @@ -6485,6 +6478,8 @@ parser_yylex(parser) case '{': if (lpar_beg && lpar_beg == paren_nest) { lex_state = EXPR_BEG; + lpar_beg = 0; + --paren_nest; return tLAMBEG; } if (IS_ARG() || lex_state == EXPR_END || lex_state == EXPR_END2) @@ -6805,6 +6800,8 @@ parser_yylex(parser) } if (kw->id[0] == kDO) { if (lpar_beg && lpar_beg == paren_nest) { + lpar_beg = 0; + --paren_nest; return kDO_LAMBDA; } if (COND_P()) return kDO_COND; @@ -8722,6 +8719,8 @@ parser_initialize(parser) parser->parser_cond_stack = 0; parser->parser_cmdarg_stack = 0; parser->parser_class_nest = 0; + parser->parser_paren_nest = 0; + parser->parser_lpar_beg = 0; parser->parser_in_single = 0; parser->parser_in_def = 0; parser->parser_in_defined = 0; |