Project

General

Profile

Bug #199 ยป 1.8.6p111_sedov_and_lai_backport.patch

Anonymous, 06/25/2008 10:04 AM

View differences:

array.c
20 20
static ID id_cmp;
21 21

  
22 22
#define ARY_DEFAULT_SIZE 16
23
#define	ARY_MAX_SIZE (LONG_MAX / sizeof(VALUE))
23 24

  
24 25
void
25 26
rb_mem_clear(mem, size)
......
120 121
    if (len < 0) {
121 122
	rb_raise(rb_eArgError, "negative array size (or size too big)");
122 123
    }
123
    if (len > 0 && len * sizeof(VALUE) <= len) {
124
    if (len > ARY_MAX_SIZE) {
124 125
	rb_raise(rb_eArgError, "array size too big");
125 126
    }
126 127
    if (len == 0) len++;
......
293 294
    if (len < 0) {
294 295
	rb_raise(rb_eArgError, "negative array size");
295 296
    }
296
    if (len > 0 && len * (long)sizeof(VALUE) <= len) {
297
    if (len > ARY_MAX_SIZE) {
297 298
	rb_raise(rb_eArgError, "array size too big");
298 299
    }
299 300
    if (len > RARRAY(ary)->aux.capa) {
......
359 360
	}
360 361
    }
361 362

  
363
    if (idx >= ARY_MAX_SIZE) {
364
        rb_raise(rb_eIndexError, "index %ld too big", idx);
365
    }
366

  
362 367
    rb_ary_modify(ary);
363 368
    if (idx >= RARRAY(ary)->aux.capa) {
364 369
	long new_capa = RARRAY(ary)->aux.capa / 2;
......
366 371
	if (new_capa < ARY_DEFAULT_SIZE) {
367 372
	    new_capa = ARY_DEFAULT_SIZE;
368 373
	}
374
	if (new_capa >= ARY_MAX_SIZE - idx) {
375
	    new_capa = (ARY_MAX_SIZE - idx) / 2;
376
	}
369 377
	new_capa += idx;
370 378
	if (new_capa * (long)sizeof(VALUE) <= new_capa) {
371 379
	    rb_raise(rb_eArgError, "index too big");
......
975 983
    rb_ary_modify(ary);
976 984

  
977 985
    if (beg >= RARRAY(ary)->len) {
986
	if (beg > ARY_MAX_SIZE - rlen) {
987
	    rb_raise(rb_eIndexError, "index %ld too big", beg);
988
	}
978 989
	len = beg + rlen;
979 990
	if (len >= RARRAY(ary)->aux.capa) {
980 991
	    REALLOC_N(RARRAY(ary)->ptr, VALUE, len);
......
2378 2389
    if (len < 0) {
2379 2390
	rb_raise(rb_eArgError, "negative argument");
2380 2391
    }
2381
    if (LONG_MAX/len < RARRAY(ary)->len) {
2392
    if (ARY_MAX_SIZE/len < RARRAY(ary)->len) {
2382 2393
	rb_raise(rb_eArgError, "argument too big");
2383 2394
    }
2384 2395
    len *= RARRAY(ary)->len;
bignum.c
36 36
#define BIGLO(x) ((BDIGIT)((x) & (BIGRAD-1)))
37 37
#define BDIGMAX ((BDIGIT)-1)
38 38

  
39
#define BIGZEROP(x) (RBIGNUM(x)->len == 0 || (RBIGNUM(x)->len == 1 && BDIGITS(x)[0] == 0))
39
#define BIGZEROP(x) (RBIGNUM(x)->len == 0 || \
40
		     (BDIGITS(x)[0] == 0 && \
41
		      (RBIGNUM(x)->len == 1 || bigzero_p(x))))
42

  
43
static int bigzero_p(VALUE);
44
static int
45
bigzero_p(x)
46
    VALUE x;
47
{
48
    long i;
49
    for (i = 0; i < RBIGNUM(x)->len; ++i) {
50
	if (BDIGITS(x)[i]) return 0;
51
    }
52
    return 1;
53
}
40 54

  
41 55
static VALUE
42 56
bignew_1(klass, len, sign)
......
446 460
    }
447 461
    if (*str == '0') {		/* squeeze preceeding 0s */
448 462
	while (*++str == '0');
449
	if (!*str) --str;
463
	if (!(c = *str) || ISSPACE(c)) --str;
450 464
    }
451 465
    c = *str;
452 466
    c = conv_digit(c);
......
652 666
    if (BIGZEROP(x)) {
653 667
	return rb_str_new2("0");
654 668
    }
669
    if (i >= LONG_MAX/SIZEOF_BDIGITS/CHAR_BIT) {
670
	rb_raise(rb_eRangeError, "bignum too big to convert into `string'");
671
    }
655 672
    j = SIZEOF_BDIGITS*CHAR_BIT*i;
656 673
    switch (base) {
657 674
      case 2: break;
......
706 723
	while (k--) {
707 724
	    s[--j] = ruby_digitmap[num % base];
708 725
	    num /= base;
709
	    if (!trim && j < 1) break;
726
	    if (!trim && j <= 1) break;
710 727
	    if (trim && i == 0 && num == 0) break;
711 728
	}
712 729
    }
eval.c
8332 8332
 * MISSING: documentation
8333 8333
 */
8334 8334

  
8335
#define PROC_TSHIFT (FL_USHIFT+1)
8336
#define PROC_TMASK  (FL_USER1|FL_USER2|FL_USER3)
8337
#define PROC_TMAX   (PROC_TMASK >> PROC_TSHIFT)
8338

  
8339
static int proc_get_safe_level(VALUE);
8340

  
8335 8341
static VALUE
8336 8342
proc_dup(self)
8337 8343
    VALUE self;
8338 8344
{
8339 8345
    struct BLOCK *orig, *data;
8340 8346
    VALUE bind;
8347
    int safe = proc_get_safe_level(self);
8341 8348

  
8342 8349
    Data_Get_Struct(self, struct BLOCK, orig);
8343 8350
    bind = Data_Make_Struct(rb_obj_class(self),struct BLOCK,blk_mark,blk_free,data);
8344 8351
    blk_dup(data, orig);
8352
    if (safe > PROC_TMAX) safe = PROC_TMAX;
8353
    FL_SET(bind, (safe << PROC_TSHIFT) & PROC_TMASK);
8345 8354

  
8346 8355
    return bind;
8347 8356
}
......
8403 8412
    return bind;
8404 8413
}
8405 8414

  
8406
#define PROC_TSHIFT (FL_USHIFT+1)
8407
#define PROC_TMASK  (FL_USER1|FL_USER2|FL_USER3)
8408
#define PROC_TMAX   (PROC_TMASK >> PROC_TSHIFT)
8409

  
8410 8415
#define SAFE_LEVEL_MAX PROC_TMASK
8411 8416

  
8412 8417
static void
intern.h
400 400
void ruby_default_signal _((int));
401 401
/* sprintf.c */
402 402
VALUE rb_f_sprintf _((int, VALUE*));
403
VALUE rb_str_format _((int, VALUE*, VALUE));
403 404
/* string.c */
404 405
VALUE rb_str_new _((const char*, long));
405 406
VALUE rb_str_new2 _((const char*));
io.c
4851 4851
#if !defined(MSDOS) && !defined(__human68k__)
4852 4852
static int
4853 4853
io_cntl(fd, cmd, narg, io_p)
4854
    int fd, cmd, io_p;
4854
    int fd, io_p;
4855 4855
    long narg;
4856
    unsigned long cmd;
4856 4857
{
4857 4858
    int retval;
4858 4859

  
......
4882 4883
    int io_p;
4883 4884
{
4884 4885
#if !defined(MSDOS) && !defined(__human68k__)
4885
    int cmd = NUM2ULONG(req);
4886
    unsigned long cmd = NUM2ULONG(req);
4886 4887
    OpenFile *fptr;
4887 4888
    long len = 0;
4888 4889
    long narg = 0;
lib/webrick/httpservlet/filehandler.rb
163 163
            end
164 164
          end
165 165
        end
166
        prevent_directory_traversal(req, res)
166 167
        super(req, res)
167 168
      end
168 169

  
......
198 199

  
199 200
      private
200 201

  
202
      def prevent_directory_traversal(req, res)
203
        # Preventing directory traversal on DOSISH platforms;
204
        # Backslashes (0x5c) in path_info are not interpreted as special
205
        # character in URI notation. So the value of path_info should be
206
        # normalize before accessing to the filesystem.
207
        if File::ALT_SEPARATOR
208
          # File.expand_path removes the trailing path separator.
209
          # Adding a character is a workaround to save it.
210
          #  File.expand_path("/aaa/")        #=> "/aaa"
211
          #  File.expand_path("/aaa/" + "x")  #=> "/aaa/x"
212
          expanded = File.expand_path(req.path_info + "x")
213
          expanded[-1, 1] = ""  # remove trailing "x"
214
          req.path_info = expanded
215
        end
216
      end
217

  
201 218
      def exec_handler(req, res)
202 219
        raise HTTPStatus::NotFound, "`#{req.path}' not found" unless @root
203 220
        if set_filename(req, res)
......
256 273

  
257 274
      def check_filename(req, res, name)
258 275
        @options[:NondisclosureName].each{|pattern|
259
          if File.fnmatch("/#{pattern}", name)
276
          if File.fnmatch("/#{pattern}", name, File::FNM_CASEFOLD)
260 277
            @logger.warn("the request refers nondisclosure name `#{name}'.")
261 278
            raise HTTPStatus::NotFound, "`#{req.path}' not found."
262 279
          end
......
310 327

  
311 328
      def nondisclosure_name?(name)
312 329
        @options[:NondisclosureName].each{|pattern|
313
          if File.fnmatch(pattern, name)
330
          if File.fnmatch(pattern, name, File::FNM_CASEFOLD)
314 331
            return true
315 332
          end
316 333
        }
sprintf.c
247 247
    int argc;
248 248
    VALUE *argv;
249 249
{
250
    return rb_str_format(argc - 1, argv + 1, GETNTHARG(0));
251
}
252

  
253
VALUE
254
rb_str_format(argc, argv, fmt)
255
    int argc;
256
    VALUE *argv;
250 257
    VALUE fmt;
258
{
251 259
    const char *p, *end;
252 260
    char *buf;
253 261
    int blen, bsiz;
......
276 284
	rb_raise(rb_eArgError, "flag after precision"); \
277 285
    }
278 286

  
279
    fmt = GETNTHARG(0);
287
    ++argc;
288
    --argv;
280 289
    if (OBJ_TAINTED(fmt)) tainted = 1;
281 290
    StringValue(fmt);
282 291
    fmt = rb_str_new4(fmt);
string.c
452 452
 */
453 453

  
454 454
static VALUE
455
rb_str_format(str, arg)
455
rb_str_format_m(str, arg)
456 456
    VALUE str, arg;
457 457
{
458
    VALUE *argv;
458
    VALUE tmp = rb_check_array_type(arg);
459 459

  
460
    if (TYPE(arg) == T_ARRAY) {
461
	argv = ALLOCA_N(VALUE, RARRAY(arg)->len + 1);
462
	argv[0] = str;
463
	MEMCPY(argv+1, RARRAY(arg)->ptr, VALUE, RARRAY(arg)->len);
464
	return rb_f_sprintf(RARRAY(arg)->len+1, argv);
460
    if (!NIL_P(tmp)) {
461
	return rb_str_format(RARRAY_LEN(tmp), RARRAY_PTR(tmp), str);
465 462
    }
466 463

  
467
    argv = ALLOCA_N(VALUE, 2);
468
    argv[0] = str;
469
    argv[1] = arg;
470
    return rb_f_sprintf(2, argv);
464
    return rb_str_format(1, &arg, str);
471 465
}
472 466

  
473 467
static int
......
694 688
    return str;
695 689
}
696 690

  
697
VALUE
698
rb_str_buf_cat(str, ptr, len)
691
static VALUE
692
str_buf_cat(str, ptr, len)
699 693
    VALUE str;
700 694
    const char *ptr;
701 695
    long len;
702 696
{
703 697
    long capa, total;
704 698

  
705
    if (len == 0) return str;
706
    if (len < 0) {
707
	rb_raise(rb_eArgError, "negative string size (or size too big)");
708
    }
709 699
    rb_str_modify(str);
710 700
    if (FL_TEST(str, STR_ASSOC)) {
711 701
	FL_UNSET(str, STR_ASSOC);
......
714 704
    else {
715 705
	capa = RSTRING(str)->aux.capa;
716 706
    }
707
    if (RSTRING(str)->len >= LONG_MAX - len) {
708
	rb_raise(rb_eArgError, "string sizes too big");
709
    }
717 710
    total = RSTRING(str)->len+len;
718 711
    if (capa <= total) {
719 712
	while (total > capa) {
713
	    if (capa + 1 >= LONG_MAX / 2) {
714
		capa = total;
715
		break;
716
	    }
720 717
	    capa = (capa + 1) * 2;
721 718
	}
722 719
	RESIZE_CAPA(str, capa);
......
729 726
}
730 727

  
731 728
VALUE
729
rb_str_buf_cat(str, ptr, len)
730
    VALUE str;
731
    const char *ptr;
732
    long len;
733
{
734
    if (len == 0) return str;
735
    if (len < 0) {
736
	rb_raise(rb_eArgError, "negative string size (or size too big)");
737
    }
738
    return str_buf_cat(str, ptr, len);
739
}
740

  
741
VALUE
732 742
rb_str_buf_cat2(str, ptr)
733 743
    VALUE str;
734 744
    const char *ptr;
......
747 757
    }
748 758
    if (FL_TEST(str, STR_ASSOC)) {
749 759
	rb_str_modify(str);
750
	REALLOC_N(RSTRING(str)->ptr, char, RSTRING(str)->len+len);
760
	REALLOC_N(RSTRING(str)->ptr, char, RSTRING(str)->len+len+1);
751 761
	memcpy(RSTRING(str)->ptr + RSTRING(str)->len, ptr, len);
752 762
	RSTRING(str)->len += len;
753 763
	RSTRING(str)->ptr[RSTRING(str)->len] = '\0'; /* sentinel */
......
769 779
rb_str_buf_append(str, str2)
770 780
    VALUE str, str2;
771 781
{
772
    long capa, len;
773

  
774
    rb_str_modify(str);
775
    if (FL_TEST(str, STR_ASSOC)) {
776
	FL_UNSET(str, STR_ASSOC);
777
	capa = RSTRING(str)->aux.capa = RSTRING(str)->len;
778
    }
779
    else {
780
	capa = RSTRING(str)->aux.capa;
781
    }
782
    len = RSTRING(str)->len+RSTRING(str2)->len;
783
    if (capa <= len) {
784
	while (len > capa) {
785
	    capa = (capa + 1) * 2;
786
	}
787
	RESIZE_CAPA(str, capa);
788
    }
789
    memcpy(RSTRING(str)->ptr + RSTRING(str)->len,
790
	   RSTRING(str2)->ptr, RSTRING(str2)->len);
791
    RSTRING(str)->len += RSTRING(str2)->len;
792
    RSTRING(str)->ptr[RSTRING(str)->len] = '\0'; /* sentinel */
782
    str_buf_cat(str, RSTRING(str2)->ptr, RSTRING(str2)->len);
793 783
    OBJ_INFECT(str, str2);
794

  
795 784
    return str;
796 785
}
797 786

  
......
4657 4646
    rb_define_method(rb_cString, "casecmp", rb_str_casecmp, 1);
4658 4647
    rb_define_method(rb_cString, "+", rb_str_plus, 1);
4659 4648
    rb_define_method(rb_cString, "*", rb_str_times, 1);
4660
    rb_define_method(rb_cString, "%", rb_str_format, 1);
4649
    rb_define_method(rb_cString, "%", rb_str_format_m, 1);
4661 4650
    rb_define_method(rb_cString, "[]", rb_str_aref_m, -1);
4662 4651
    rb_define_method(rb_cString, "[]=", rb_str_aset_m, -1);
4663 4652
    rb_define_method(rb_cString, "insert", rb_str_insert, 2);