From ae35b252b992fc0c6f23f5c9b746763f994fc39d Mon Sep 17 00:00:00 2001
From: nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Sun, 13 Dec 2015 09:26:30 +0000
Subject: tkutil.c: check arg

* ext/tk/tkutil/tkutil.c (tk_hash_kv): check types of array
  argument.  reported by Marcin 'Icewall' Noga of Cisco Talos.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53077 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 ChangeLog              | 5 ++++-
 ext/tk/tkutil/tkutil.c | 1 +
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index acc2d637af..6dc79717c8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,7 @@
-Sun Dec 13 18:25:16 2015  Nobuyoshi Nakada  <nobu@ruby-lang.org>
+Sun Dec 13 18:26:31 2015  Nobuyoshi Nakada  <nobu@ruby-lang.org>
+
+	* ext/tk/tkutil/tkutil.c (tk_hash_kv): check types of array
+	  argument.  reported by Marcin 'Icewall' Noga of Cisco Talos.
 
 	* ext/tk/tkutil/tkutil.c (cbsubst_table_setup): check length of
 	  argument arrays for each access, as callback methods can modify
diff --git a/ext/tk/tkutil/tkutil.c b/ext/tk/tkutil/tkutil.c
index fc9ed2d5e3..147dfa23d1 100644
--- a/ext/tk/tkutil/tkutil.c
+++ b/ext/tk/tkutil/tkutil.c
@@ -804,6 +804,7 @@ tk_hash_kv(argc, argv, self)
     switch(argc) {
     case 3:
         ary = argv[2];
+	Check_Type(ary, T_ARRAY);
     case 2:
         enc_flag = argv[1];
     case 1:
-- 
cgit v1.2.3