aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--ChangeLog8
-rw-r--r--array.c4
2 files changed, 10 insertions, 2 deletions
diff --git a/ChangeLog b/ChangeLog
index 1362301355..68a2db5f32 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,14 @@ Fri Oct 12 15:04:54 2007 Nobuyoshi Nakada <nobu@ruby-lang.org>
* trunk/parse.y (parser_yylex): ditto.
+Fri Oct 12 12:44:11 2007 Yukihiro Matsumoto <matz@ruby-lang.org>
+
+ * array.c (rb_ary_combination): fixed memory corruption due to too
+ small memory allocation
+
+ * array.c (rb_ary_product): accessing out of memory bounds.
+ condition fixed.
+
Thu Oct 11 21:10:17 2007 Yukihiro Matsumoto <matz@ruby-lang.org>
* include/ruby/node.h (NOEX_LOCAL): remove unused local visibility.
diff --git a/array.c b/array.c
index 6360571e40..85573015a7 100644
--- a/array.c
+++ b/array.c
@@ -3112,7 +3112,7 @@ rb_ary_combination(VALUE ary, VALUE num)
}
}
else {
- volatile VALUE t0 = tmpbuf(n, sizeof(long));
+ volatile VALUE t0 = tmpbuf(n+1, sizeof(long));
long *stack = (long*)RSTRING_PTR(t0);
long nlen = combi_len(len, n);
volatile VALUE cc = rb_ary_new2(n);
@@ -3199,7 +3199,7 @@ rb_ary_product(int argc, VALUE *argv, VALUE ary)
*/
m = n-1;
counters[m]++;
- while (m >= 0 && counters[m] == RARRAY_LEN(arrays[m])) {
+ while (m > 0 && counters[m] == RARRAY_LEN(arrays[m])) {
counters[m] = 0;
m--;
counters[m]++;
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-23 19:34:32 +0000