diff options
author | ko1 <ko1@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2017-07-11 07:42:27 +0000 |
---|---|---|
committer | ko1 <ko1@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2017-07-11 07:42:27 +0000 |
commit | f3cd074710589f7a670fb35efca5225153a6eeca (patch) | |
tree | 5e8320057bca4983b6d98e71fbbac21b270581c7 | |
parent | 0032a4b15de3ae8bd243b28ffd46a4b1ac2a9513 (diff) | |
download | ruby-f3cd074710589f7a670fb35efca5225153a6eeca.tar.gz |
tainted string should be tainted.
* hash.c (hash_aset_str): create frozen string for tainted objects.
(should not use fsting table on this case).
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59310 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | hash.c | 32 | ||||
-rw-r--r-- | test/ruby/test_hash.rb | 11 |
2 files changed, 34 insertions, 9 deletions
@@ -1516,20 +1516,34 @@ hash_aset(st_data_t *key, st_data_t *val, struct update_arg *arg, int existing) return ST_CONTINUE; } +static VALUE +fstring_existing_str(VALUE str) +{ + st_data_t fstr; + st_table *tbl = rb_vm_fstring_table(); + + if (st_lookup(tbl, str, &fstr)) { + if (rb_objspace_garbage_object_p(fstr)) { + return rb_fstring(str); + } + else { + return (VALUE)fstr; + } + } + else { + return Qnil; + } +} + static int hash_aset_str(st_data_t *key, st_data_t *val, struct update_arg *arg, int existing) { if (!existing && !RB_OBJ_FROZEN(*key)) { - st_data_t fstr; - st_table *tbl = rb_vm_fstring_table(); + VALUE k; - if (st_lookup(tbl, *key, &fstr)) { - if (rb_objspace_garbage_object_p(fstr)) { - *key = rb_fstring(*key); - } - else { - *key = (VALUE)fstr; - } + if (!RB_OBJ_TAINTED(*key) && + (k = fstring_existing_str(*key)) != Qnil) { + *key = k; } else { *key = rb_str_new_frozen(*key); diff --git a/test/ruby/test_hash.rb b/test/ruby/test_hash.rb index 798bd2fe60..d915e52bde 100644 --- a/test/ruby/test_hash.rb +++ b/test/ruby/test_hash.rb @@ -300,6 +300,17 @@ class TestHash < Test::Unit::TestCase assert_same "ABC".freeze, a.keys[0] end + def test_tainted_string_key + str = 'str'.taint + h = {} + h[str] = nil + key = h.keys.first + assert_equal true, str.tainted? + assert_equal false, str.frozen? + assert_equal true, key.tainted? + assert_equal true, key.frozen? + end + def test_EQUAL # '==' h1 = @cls[ "a" => 1, "c" => 2 ] h2 = @cls[ "a" => 1, "c" => 2, 7 => 35 ] |