author | nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2015-08-06 01:50:00 +0000 |
---|---|---|
committer | nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2015-08-06 01:50:00 +0000 |
commit | 8b6a0f732597e2edd274d5634b464a344821ee9b (patch) | |
tree | 1d389ac0383976f492ae8c154306ef527448a9c3 /node.c | |
parent | ec10c033a7f6ba4819b7a65eb31eba432028f28a (diff) | |
download | ruby-8b6a0f732597e2edd274d5634b464a344821ee9b.tar.gz |
node.c: check size
* node.c (rb_alloc_tmp_buffer): round up the size and check the
range.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51499 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'node.c')
-rw-r--r-- | node.c | 16 |
1 files changed, 12 insertions, 4 deletions
@@ -1079,10 +1079,18 @@ rb_gc_mark_node(NODE *obj)
 void *
 rb_alloc_tmp_buffer(volatile VALUE *store, long len)
 {
- NODE *s = rb_node_newnode(NODE_ALLOCA, 0, 0, 0);
- void *ptr = xmalloc(len);
- s->u1.node = ptr;
- s->u3.cnt = len / sizeof(VALUE);
+ NODE *s;
+ long cnt;
+ void *ptr;
+
+ if (len < 0 || (cnt = (long)roomof(len, sizeof(VALUE))) < 0) {
+ rb_raise(rb_eArgError, "negative buffer size (or size too big)");
+ }
+
+ s = rb_node_newnode(NODE_ALLOCA, 0, 0, 0);
+ ptr = xmalloc(cnt * sizeof(VALUE));
+ s->u1.value = (VALUE)ptr;
+ s->u3.cnt = cnt;
 *store = (VALUE)s;
 return ptr;
 } |
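Review bot: The `cnt < 0` half of the new guard in rb_alloc_tmp_buffer looks like it can never fire, so the "size too big" case is probably not caught here. roomof is not defined on this page, but if it is the usual `((n) + (m) - 1) / (m)`, the `sizeof(VALUE)` operand makes the sum unsigned wherever size_t is at least as wide as long, and the quotient cast back to long is then non-negative for every `len >= 0`. An oversized request would then be left to xmalloc rather than rejected with the ArgumentError. An explicit bound states the intent without relying on the promotion rules: `if (len < 0 || len > LONG_MAX - (long)(sizeof(VALUE) - 1)) {`, with `cnt = (long)roomof(len, sizeof(VALUE));` assigned on its own line afterwards. A short comment above the xmalloc call that the buffer is rounded up to a whole number of VALUE slots so that `u3.cnt` describes all of it would also record why the old `len / sizeof(VALUE)` was replaced.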