diff options
| -rw-r--r-- | ChangeLog | 5 | ||||
| -rw-r--r-- | test/ruby/test_marshal.rb | 10 | ||||
| -rw-r--r-- | variable.c | 13 |
3 files changed, 17 insertions, 11 deletions
@@ -1,4 +1,7 @@ -Sun Jun 19 10:54:40 2016 Nobuyoshi Nakada <nobu@ruby-lang.org> +Sun Jun 19 11:19:43 2016 Nobuyoshi Nakada <nobu@ruby-lang.org> + + * variable.c (rb_path_to_class): consider the string length + instead of a terminator. * variable.c (rb_path_to_class): search the constant at once instead of checking if defined and then getting it. diff --git a/test/ruby/test_marshal.rb b/test/ruby/test_marshal.rb index b723fcae3c..8bfca5561f 100644 --- a/test/ruby/test_marshal.rb +++ b/test/ruby/test_marshal.rb @@ -719,10 +719,12 @@ class TestMarshal < Test::Unit::TestCase end def test_marshal_load_extended_class_crash - crash = "\x04\be:\x0F\x00omparableo:\vObject\x00" - - opt = %w[--disable=gems] - assert_ruby_status(opt, "Marshal.load(#{crash.dump})") + assert_separately([], "#{<<-"begin;"}\n#{<<-"end;"}") + begin; + assert_raise_with_message(ArgumentError, /undefined/) do + Marshal.load("\x04\be:\x0F\x00omparableo:\vObject\x00") + end + end; end def test_marshal_load_r_prepare_reference_crash diff --git a/variable.c b/variable.c index 80acee46ea..4d3222b5db 100644 --- a/variable.c +++ b/variable.c @@ -389,7 +389,7 @@ VALUE rb_path_to_class(VALUE pathname) { rb_encoding *enc = rb_enc_get(pathname); - const char *pbeg, *p, *path = RSTRING_PTR(pathname); + const char *pbeg, *pend, *p, *path = RSTRING_PTR(pathname); ID id; VALUE c = rb_cObject; @@ -397,15 +397,16 @@ rb_path_to_class(VALUE pathname) rb_raise(rb_eArgError, "invalid class path encoding (non ASCII)"); } pbeg = p = path; - if (path[0] == '#') { + pend = path + RSTRING_LEN(pathname); + if (path == pend || path[0] == '#') { rb_raise(rb_eArgError, "can't retrieve anonymous class %"PRIsVALUE, QUOTE(pathname)); } - while (*p) { - while (*p && *p != ':') p++; + while (p < pend) { + while (p < pend && *p != ':') p++; id = rb_check_id_cstr(pbeg, p-pbeg, enc); - if (p[0] == ':') { - if (p[1] != ':') goto undefined_class; + if (p < pend && p[0] == ':') { + if ((size_t)(pend - p) < 2 || p[1] != ':') goto undefined_class; p += 2; pbeg = p; } |