author | nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2015-06-01 01:55:10 +0000 |
---|---|---|
committer | nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2015-06-01 01:55:10 +0000 |
commit | 5e635a371381d60a9287d0f80d3dace9f35bde01 (patch) | |
tree | e9d565131db2e79a6f4f8ab0297c82b82efcc220 | |
parent | 5fe7c33e7bad0d812d069014bd7d8d2851b75c33 (diff) | |
tkutil.c: fix out-of-bounds access
* ext/tk/tkutil/tkutil.c (cbsubst_table_setup): check the array
length so as not to access out of bounds.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@50708 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | ext/tk/tkutil/tkutil.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/ext/tk/tkutil/tkutil.c b/ext/tk/tkutil/tkutil.c
index 5ef4188e9a..c104bbbd99 100644
--- a/ext/tk/tkutil/tkutil.c
+++ b/ext/tk/tkutil/tkutil.c
@@ -1617,6 +1617,7 @@ cbsubst_table_setup(argc, argv, self)
 for(idx = 0; idx < len; idx++) {
 inf = RARRAY_PTR(proc_inf)[idx];
 if (!RB_TYPE_P(inf, T_ARRAY)) continue;
+ if (RARRAY_LEN(inf) < 2) continue;
 rb_hash_aset(subst_inf->proc,
 (RB_TYPE_P(RARRAY_PTR(inf)[0], T_STRING)?
 INT2FIX(*(RSTRING_PTR(RARRAY_PTR(inf)[0]))) : |
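Review bot: The added `RARRAY_LEN(inf) < 2` guard bounds the inner array, but the context line after it still dereferences the first byte of the key with `*(RSTRING_PTR(RARRAY_PTR(inf)[0]))` without checking that the String is non-empty. An empty String would then be registered under whatever byte sits just past its contents (presumably the terminator, 0), so I would extend the guard with `if (RB_TYPE_P(RARRAY_PTR(inf)[0], T_STRING) && RSTRING_LEN(RARRAY_PTR(inf)[0]) < 1) continue;`. The loop bound `len` is computed outside the hunk; if `rb_hash_aset` can call back into Ruby for a non-String key, comparing `idx` against `RARRAY_LEN(proc_inf)` on each iteration would keep the outer bound from going stale. The `rb_hash_aset` call and the loop body continue past the end of the hunk, so the access to element 1 that the new check protects is not visible here.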