author | nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2015-12-13 09:23:36 +0000 |
---|---|---|
committer | nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2015-12-13 09:23:36 +0000 |
commit | df49bfabe5a969606f7281bb8d5866607d38943d (patch) | |
tree | d2dc18fc152dadbc6c43a86c9bd25575881c0584 /ext | |
parent | 1bc72206cbd85d5c9501ff5a0aba6ff2606c8941 (diff) | |
tkutil.c: check args
* ext/tk/tkutil/tkutil.c (cbsubst_table_setup): check types of
argument elements. reported by Marcin 'Icewall' Noga of Cisco
Talos.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53075 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'ext')
-rw-r--r-- | ext/tk/tkutil/tkutil.c | 27 |
1 files changed, 18 insertions, 9 deletions
diff --git a/ext/tk/tkutil/tkutil.c b/ext/tk/tkutil/tkutil.c
index 7dbbc0dbd0..adc14c0cff 100644
--- a/ext/tk/tkutil/tkutil.c
+++ b/ext/tk/tkutil/tkutil.c
@@ -1564,7 +1564,7 @@ cbsubst_table_setup(argc, argv, self)
 volatile VALUE key_inf;
 volatile VALUE longkey_inf;
 volatile VALUE proc_inf;
- VALUE inf;
+ VALUE inf, subst, name, type, ivar, proc;
 const VALUE *infp;
 ID id;
 struct cbsubst_info *subst_inf;
@@ -1598,14 +1598,18 @@ cbsubst_table_setup(argc, argv, self)
 for(idx = 0; idx < len; idx++) {
 inf = RARRAY_AREF(key_inf, idx);
 if (!RB_TYPE_P(inf, T_ARRAY)) continue;
+ if (RARRAY_LEN(inf) < 3) continue;
 infp = RARRAY_CONST_PTR(inf);
+ subst = infp[0];
+ type = infp[1];
+ ivar = infp[2];
- chr = NUM2CHR(infp[0]);
- subst_inf->type[chr] = NUM2CHR(infp[1]);
+ chr = NUM2CHR(subst);
+ subst_inf->type[chr] = NUM2CHR(type);
 subst_inf->full_subst_length += 3;
- id = SYM2ID(infp[2]);
+ id = SYM2ID(ivar);
 subst_inf->ivar[chr] = rb_intern_str(rb_sprintf("@%"PRIsVALUE, rb_id2str(id)));
 rb_attr(self, id, 1, 0, Qtrue);
@@ -1622,17 +1626,22 @@ cbsubst_table_setup(argc, argv, self)
 for(idx = 0; idx < len; idx++) {
 inf = RARRAY_AREF(longkey_inf, idx);
 if (!RB_TYPE_P(inf, T_ARRAY)) continue;
+ if (RARRAY_LEN(inf) < 3) continue;
 infp = RARRAY_CONST_PTR(inf);
+ name = infp[0];
+ type = infp[1];
+ ivar = infp[2];
+ Check_Type(name, T_STRING);
 chr = (unsigned char)(0x80 + idx);
- subst_inf->keylen[chr] = RSTRING_LEN(infp[0]);
- subst_inf->key[chr] = strndup(RSTRING_PTR(infp[0]),
- RSTRING_LEN(infp[0]));
- subst_inf->type[chr] = NUM2CHR(infp[1]);
+ subst_inf->keylen[chr] = RSTRING_LEN(name);
+ subst_inf->key[chr] = strndup(RSTRING_PTR(name),
+ RSTRING_LEN(name));
+ subst_inf->type[chr] = NUM2CHR(type);
 subst_inf->full_subst_length += (subst_inf->keylen[chr] + 2);
- id = SYM2ID(infp[2]);
+ id = SYM2ID(ivar);
 subst_inf->ivar[chr] = rb_intern_str(rb_sprintf("@%"PRIsVALUE, rb_id2str(id)));
 rb_attr(self, id, 1, 0, Qtrue); |
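Review bot: `proc` is added to the declaration `VALUE inf, subst, name, type, ivar, proc;`, but none of the three hunks assigns or reads it. Unless the `proc_inf` handling outside these hunks uses it, it is an unused local and should be dropped from the list. The body of cbsubst_table_setup starts and ends outside the hunk, so this needs checking against the full function.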
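Review bot: `ivar` reaches `id = SYM2ID(ivar);` with no explicit type check, although the commit's stated purpose is to check the element types and the long-key loop does check `name`. Whether `SYM2ID` itself rejects a non-Symbol is not visible here, so the validation should be made explicit with `Check_Type(ivar, T_SYMBOL);` directly after `ivar = infp[2];`. The same applies to the long-key loop in the third hunk. Separately, entries shorter than three elements are skipped with `continue`, so a malformed table is silently accepted in part; a one-line comment such as `/* ignore malformed entries */` would show that this is deliberate. The loop body continues outside the hunk.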
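Review bot: The result of `strndup(RSTRING_PTR(name), RSTRING_LEN(name))` is stored in `subst_inf->key[chr]` without a NULL check, while `keylen[chr]` is already non-zero. Any later reader of that table entry would presumably dereference a null key after an allocation failure. Adding `if (!subst_inf->key[chr]) rb_memerror();` right after the assignment closes that gap. In addition, `Check_Type`, `NUM2CHR` and `SYM2ID` can raise partway through the loop, after earlier iterations have already stored `strndup` copies in `subst_inf`. The allocation and release of `subst_inf` are outside the hunk, so please confirm those copies are freed on that path, or validate `name`, `type` and `ivar` before the first allocation.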