author | nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2015-12-13 09:25:15 +0000 |
---|---|---|
committer | nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2015-12-13 09:25:15 +0000 |
commit | 62539b49a7aebd4a948fef30461841e123bad461 (patch) | |
tree | 27bfabf7ec41a872d5a5827d5238539d3e876b06 | |
parent | b2d3c6a86fdde1df115a039aaed49fa11cc03a9f (diff) | |
tkutil.c: array length
* ext/tk/tkutil/tkutil.c (cbsubst_table_setup): check length of
argument arrays for each access, as callback methods can modify
them. reported by Marcin 'Icewall' Noga of Cisco Talos.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53076 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | ext/tk/tkutil/tkutil.c | 12 |
2 files changed, 9 insertions, 9 deletions
@@ -1,4 +1,8 @@ -Sun Dec 13 18:23:37 2015 Nobuyoshi Nakada <nobu@ruby-lang.org> +Sun Dec 13 18:25:16 2015 Nobuyoshi Nakada <nobu@ruby-lang.org> + + * ext/tk/tkutil/tkutil.c (cbsubst_table_setup): check length of + argument arrays for each access, as callback methods can modify + them. reported by Marcin 'Icewall' Noga of Cisco Talos. * ext/tk/tkutil/tkutil.c (cbsubst_table_setup): check types of argument elements. reported by Marcin 'Icewall' Noga of Cisco diff --git a/ext/tk/tkutil/tkutil.c b/ext/tk/tkutil/tkutil.c index adc14c0cff..fc9ed2d5e3 100644 --- a/ext/tk/tkutil/tkutil.c +++ b/ext/tk/tkutil/tkutil.c @@ -1568,7 +1568,7 @@ cbsubst_table_setup(argc, argv, self) const VALUE *infp; ID id; struct cbsubst_info *subst_inf; - long idx, len; + long idx; unsigned char chr; /* accept (key_inf, proc_inf) or (key_inf, longkey_inf, procinf) */ @@ -1594,8 +1594,7 @@ cbsubst_table_setup(argc, argv, self) * type ==> char code or string * ivar ==> symbol */ - len = RARRAY_LEN(key_inf); - for(idx = 0; idx < len; idx++) { + for(idx = 0; idx < RARRAY_LEN(key_inf); idx++) { inf = RARRAY_AREF(key_inf, idx); if (!RB_TYPE_P(inf, T_ARRAY)) continue; if (RARRAY_LEN(inf) < 3) continue; @@ -1622,8 +1621,7 @@ cbsubst_table_setup(argc, argv, self) * type ==> char code or string * ivar ==> symbol */ - len = RARRAY_LEN(longkey_inf); - for(idx = 0; idx < len; idx++) { + for(idx = 0; idx < RARRAY_LEN(longkey_inf); idx++) { inf = RARRAY_AREF(longkey_inf, idx); if (!RB_TYPE_P(inf, T_ARRAY)) continue; if (RARRAY_LEN(inf) < 3) continue; @@ -1652,9 +1650,7 @@ cbsubst_table_setup(argc, argv, self) * type ==> char code or string * proc ==> proc/method/obj (must respond to 'call') */ - len = RARRAY_LEN(proc_inf); - for(idx = 0; idx < len; idx++) { - VALUE type, proc; + for(idx = 0; idx < RARRAY_LEN(proc_inf); idx++) { inf = RARRAY_AREF(proc_inf, idx); if (!RB_TYPE_P(inf, T_ARRAY)) continue; if (RARRAY_LEN(inf) < 2) continue; |
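Review bot: The three rewritten loop headers in cbsubst_table_setup (`idx < RARRAY_LEN(key_inf)`, and the same for `longkey_inf` and `proc_inf`) re-read only the outer array's length, while the inner array `inf` is still length-checked once per iteration (`if (RARRAY_LEN(inf) < 3) continue;`, or `< 2` in the proc_inf loop). The rest of each loop body lies outside these hunks, so the following is inferred: if it reads elements through the cached `const VALUE *infp` after a conversion that can call back into Ruby, a callback that shrinks or reallocates `inf` leaves the same stale-bounds problem one level down. Indexing with `RARRAY_AREF(inf, n)` after re-checking `RARRAY_LEN(inf)` before each element access would close it. Separately, the per-iteration length read looks like a missed loop-invariant hoist, so each header should carry a comment such as `/* re-read length each pass: callbacks may modify the array */` to keep a later cleanup from caching it again.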