diff options
author | nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2011-08-28 06:58:06 +0000 |
---|---|---|
committer | nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2011-08-28 06:58:06 +0000 |
commit | a3e598f414a467aead3e0e3ec1d42fd0989514e6 (patch) | |
tree | d693cba85456751730ba04dd95c353f1a571baa5 /ext | |
parent | 287d083bab7ef87c31e09b8cf1891d79edcaaffd (diff) | |
download | ruby-a3e598f414a467aead3e0e3ec1d42fd0989514e6.tar.gz |
* backport r33106 from trunk.
* ext/date/date_parse.c (date_zone_to_diff): keep a temporary string
stored in variable while the contents buffer is beeing used.
* ext/date/date_parse.c (date_zone_to_diff): get rid of out of bounds
memory read. [ruby-dev:44409] [Bug #5213]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@33107 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'ext')
-rw-r--r-- | ext/date/date_parse.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/ext/date/date_parse.c b/ext/date/date_parse.c index 1214f39781..597c25ac55 100644 --- a/ext/date/date_parse.c +++ b/ext/date/date_parse.c @@ -392,10 +392,10 @@ date_zone_to_diff(VALUE str) dl = RSTRING_LEN(str) - (sizeof DST - 1); ds = RSTRING_PTR(str) + dl; - if (strcmp(ss, STD) == 0) { + if (sl >= 0 && strcmp(ss, STD) == 0) { str = rb_str_new(RSTRING_PTR(str), sl); } - else if (strcmp(ds, DST) == 0) { + else if (dl >= 0 && strcmp(ds, DST) == 0) { str = rb_str_new(RSTRING_PTR(str), dl); dst = 1; } @@ -409,7 +409,7 @@ date_zone_to_diff(VALUE str) dl = RSTRING_LEN(str) - (sizeof DST - 1); ds = RSTRING_PTR(str) + dl; - if (strcmp(ds, DST) == 0) { + if (dl >= 0 && strcmp(ds, DST) == 0) { str = rb_str_new(RSTRING_PTR(str), dl); dst = 1; } @@ -441,8 +441,10 @@ date_zone_to_diff(VALUE str) char *s, *p; VALUE sign; VALUE hour = Qnil, min = Qnil, sec = Qnil; + VALUE str_orig; s = RSTRING_PTR(str); + str_orig = str; if (strncmp(s, "gmt", 3) == 0 || strncmp(s, "utc", 3) == 0) @@ -467,6 +469,7 @@ date_zone_to_diff(VALUE str) } else min = rb_str_new2(s); + RB_GC_GUARD(str_orig); goto num; } if (strpbrk(RSTRING_PTR(str), ",.")) { |