From df3c472ac310fd392287d61aaa7d7dc0a70005a9 Mon Sep 17 00:00:00 2001 From: nobu Date: Fri, 23 Aug 2013 08:17:53 +0000 Subject: win32ole.c: check method name length * ext/win32ole/win32ole.c (fole_missing): reject too long method name, as Ruby string length is limited to long. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@42662 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- ext/win32ole/win32ole.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'ext') diff --git a/ext/win32ole/win32ole.c b/ext/win32ole/win32ole.c index 1b39f177f5..1ab525d45f 100644 --- a/ext/win32ole/win32ole.c +++ b/ext/win32ole/win32ole.c @@ -4073,7 +4073,7 @@ fole_missing(int argc, VALUE *argv, VALUE self) { ID id; const char* mname; - int n; + size_t n; rb_check_arity(argc, 1, UNLIMITED_ARGUMENTS); id = rb_to_id(argv[0]); mname = rb_id2name(id); @@ -4081,14 +4081,19 @@ fole_missing(int argc, VALUE *argv, VALUE self) rb_raise(rb_eRuntimeError, "fail: unknown method or property"); } n = strlen(mname); +#if SIZEOF_SIZE_T > SIZEOF_LONG + if (n >= LONG_MAX) { + rb_raise(rb_eRuntimeError, "too long method or property name"); + } +#endif if(mname[n-1] == '=') { rb_check_arity(argc, 2, 2); - argv[0] = rb_enc_str_new(mname, n-1, cWIN32OLE_enc); + argv[0] = rb_enc_str_new(mname, (long)(n-1), cWIN32OLE_enc); return ole_propertyput(self, argv[0], argv[1]); } else { - argv[0] = rb_enc_str_new(mname, n, cWIN32OLE_enc); + argv[0] = rb_enc_str_new(mname, (long)n, cWIN32OLE_enc); return ole_invoke(argc, argv, self, DISPATCH_METHOD|DISPATCH_PROPERTYGET, FALSE); } } -- cgit v1.2.3