yaml/api.c, yaml/loader.c: integer overflow

* ext/psych/yaml/api.c (yaml_scalar_event_initialize): fix possible integer overflow. (yaml_document_add_scalar): ditto. (yaml_document_add_sequence): ditto. (yaml_document_add_mapping): ditto. * ext/psych/yaml/loader.c (yaml_parser_load_scalar): ditto. (yaml_parser_load_sequence): ditto. (yaml_parser_load_mapping): ditto. * ext/psych/yaml/scanner.c (yaml_parser_roll_indent): suppress warnigs. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@44816 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
author: nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2014-02-05 01:17:28 +0000
committer: nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2014-02-05 01:17:28 +0000
commit: 990ba47c24a47dbe428c993b4fb155b90cfd8ab0 (patch)
tree: f0163c8f00a505c5d2b91b08bdddde6933c2466e /ext/psych/yaml/api.c
parent: 0483b29a8bc3a08d22f1c10c583350d29d56c6b3 (diff)
download: ruby-990ba47c24a47dbe428c993b4fb155b90cfd8ab0.tar.gz
1 files changed, 38 insertions, 15 deletions
diff --git a/ext/psych/yaml/api.c b/ext/psych/yaml/api.c
index 0c4732e152..1b6edc9373 100644
--- a/ext/psych/yaml/api.c
+++ b/ext/psych/yaml/api.c
@@ -822,6 +822,7 @@ yaml_scalar_event_initialize(yaml_event_t *event,
     yaml_char_t *anchor_copy = NULL;
     yaml_char_t *tag_copy = NULL;
     yaml_char_t *value_copy = NULL;
+    size_t value_length;
 
     assert(event);      /* Non-NULL event object is expected. */
     assert(value);      /* Non-NULL anchor is expected. */
@@ -839,16 +840,19 @@ yaml_scalar_event_initialize(yaml_event_t *event,
     }
 
     if (length < 0) {
-        length = strlen((char *)value);
+        value_length = strlen((char *)value);
+    }
+    else {
+        value_length = (size_t)length;
     }
 
-    if (!yaml_check_utf8(value, length)) goto error;
-    value_copy = yaml_malloc(length+1);
+    if (!yaml_check_utf8(value, value_length)) goto error;
+    value_copy = yaml_malloc(value_length+1);
     if (!value_copy) goto error;
-    memcpy(value_copy, value, length);
-    value_copy[length] = '\0';
+    memcpy(value_copy, value, value_length);
+    value_copy[value_length] = '\0';
 
-    SCALAR_EVENT_INIT(*event, anchor_copy, tag_copy, value_copy, length,
+    SCALAR_EVENT_INIT(*event, anchor_copy, tag_copy, value_copy, value_length,
             plain_implicit, quoted_implicit, style, mark, mark);
 
     return 1;
@@ -1202,6 +1206,8 @@ yaml_document_add_scalar(yaml_document_t *document,
     yaml_char_t *tag_copy = NULL;
     yaml_char_t *value_copy = NULL;
     yaml_node_t node;
+    size_t value_length;
+    ptrdiff_t ret;
 
     assert(document);   /* Non-NULL document object is expected. */
     assert(value);      /* Non-NULL value is expected. */
@@ -1215,19 +1221,26 @@ yaml_document_add_scalar(yaml_document_t *document,
     if (!tag_copy) goto error;
 
     if (length < 0) {
-        length = strlen((char *)value);
+        value_length = strlen((char *)value);
+    }
+    else {
+        value_length = (size_t)length;
     }
 
-    if (!yaml_check_utf8(value, length)) goto error;
-    value_copy = yaml_malloc(length+1);
+    if (!yaml_check_utf8(value, value_length)) goto error;
+    value_copy = yaml_malloc(value_length+1);
     if (!value_copy) goto error;
-    memcpy(value_copy, value, length);
-    value_copy[length] = '\0';
+    memcpy(value_copy, value, value_length);
+    value_copy[value_length] = '\0';
 
-    SCALAR_NODE_INIT(node, tag_copy, value_copy, length, style, mark, mark);
+    SCALAR_NODE_INIT(node, tag_copy, value_copy, value_length, style, mark, mark);
     if (!PUSH(&context, document->nodes, node)) goto error;
 
-    return document->nodes.top - document->nodes.start;
+    ret = document->nodes.top - document->nodes.start;
+#if PTRDIFF_MAX > INT_MAX
+    if (ret > INT_MAX) goto error;
+#endif
+    return (int)ret;
 
 error:
     yaml_free(tag_copy);
@@ -1255,6 +1268,7 @@ yaml_document_add_sequence(yaml_document_t *document,
         yaml_node_item_t *top;
     } items = { NULL, NULL, NULL };
     yaml_node_t node;
+    ptrdiff_t ret;
 
     assert(document);   /* Non-NULL document object is expected. */
 
@@ -1272,7 +1286,11 @@ yaml_document_add_sequence(yaml_document_t *document,
             style, mark, mark);
     if (!PUSH(&context, document->nodes, node)) goto error;
 
-    return document->nodes.top - document->nodes.start;
+    ret = document->nodes.top - document->nodes.start;
+#if PTRDIFF_MAX > INT_MAX
+    if (ret > INT_MAX) goto error;
+#endif
+    return (int)ret;
 
 error:
     STACK_DEL(&context, items);
@@ -1300,6 +1318,7 @@ yaml_document_add_mapping(yaml_document_t *document,
         yaml_node_pair_t *top;
     } pairs = { NULL, NULL, NULL };
     yaml_node_t node;
+    ptrdiff_t ret;
 
     assert(document);   /* Non-NULL document object is expected. */
 
@@ -1317,7 +1336,11 @@ yaml_document_add_mapping(yaml_document_t *document,
             style, mark, mark);
     if (!PUSH(&context, document->nodes, node)) goto error;
 
-    return document->nodes.top - document->nodes.start;
+    ret = document->nodes.top - document->nodes.start;
+#if PTRDIFF_MAX > INT_MAX
+    if (ret > INT_MAX) goto error;
+#endif
+    return (int)ret;
 
 error:
     STACK_DEL(&context, pairs);
author	nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2014-02-05 01:17:28 +0000
committer	nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2014-02-05 01:17:28 +0000
commit	990ba47c24a47dbe428c993b4fb155b90cfd8ab0 (patch)
tree	f0163c8f00a505c5d2b91b08bdddde6933c2466e /ext/psych/yaml/api.c
parent	0483b29a8bc3a08d22f1c10c583350d29d56c6b3 (diff)
download	ruby-990ba47c24a47dbe428c993b4fb155b90cfd8ab0.tar.gz