aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--ChangeLog5
-rw-r--r--node.c16
2 files changed, 16 insertions, 5 deletions
diff --git a/ChangeLog b/ChangeLog
index c402d960db..bf7f3be52b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,7 @@
-Thu Aug 6 10:44:00 2015 Nobuyoshi Nakada <nobu@ruby-lang.org>
+Thu Aug 6 10:49:57 2015 Nobuyoshi Nakada <nobu@ruby-lang.org>
+
+ * node.c (rb_alloc_tmp_buffer): round up the size and check the
+ range.
* ruby_atomic.h (ATOMIC_VALUE_EXCHANGE, ATOMIC_VALUE_CAS): add
atomic operations for VALUE.
diff --git a/node.c b/node.c
index 84e7bddf34..022f5e0925 100644
--- a/node.c
+++ b/node.c
@@ -1079,10 +1079,18 @@ rb_gc_mark_node(NODE *obj)
void *
rb_alloc_tmp_buffer(volatile VALUE *store, long len)
{
- NODE *s = rb_node_newnode(NODE_ALLOCA, 0, 0, 0);
- void *ptr = xmalloc(len);
- s->u1.node = ptr;
- s->u3.cnt = len / sizeof(VALUE);
+ NODE *s;
+ long cnt;
+ void *ptr;
+
+ if (len < 0 || (cnt = (long)roomof(len, sizeof(VALUE))) < 0) {
+ rb_raise(rb_eArgError, "negative buffer size (or size too big)");
+ }
+
+ s = rb_node_newnode(NODE_ALLOCA, 0, 0, 0);
+ ptr = xmalloc(cnt * sizeof(VALUE));
+ s->u1.value = (VALUE)ptr;
+ s->u3.cnt = cnt;
*store = (VALUE)s;
return ptr;
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-14 20:25:37 +0000