Buffer overrun in util.c: ruby_hdtoa / nrv_alloc
util.c (ruby_hdtoa) causes a buffer overrun in nrv_alloc when returning copies of constant strings ("0", "NaN", "Infinity"). Detected while running ruby 1.9.3dev (2010-08-15) [i386-mswin32_100] linked with debug CRT libs: heap corruption is detected while running test/ruby/test_sprintf.rb.
- consistent handling of const return strings in ruby_hdtoa, ruby_dtoa, using rv_strdup
- avoid strlen in rv_strdup
- remove hand-rolled memcpy in nrv_alloc
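
An added illustration, not code from Ruby's util.c or from the patch: it assumes the overrun comes from a copy-until-NUL loop writing into a buffer sized to the string length with no room for the terminator, and uses a guard byte to make that one-byte overrun observable the way a debug heap does. The helper names and the guard value are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GUARD 0xFD /* constructed guard value, like a debug heap's fill byte */

/* Hypothetical allocator: n usable bytes plus one guard byte after them, so
 * a one-byte overrun lands on the guard instead of outside the allocation. */
static char *guarded_alloc(size_t n)
{
    unsigned char *p = malloc(n + 1);
    if (p) p[n] = GUARD;
    return (char *)p;
}

/* Copy-until-NUL into n bytes: the terminator is byte strlen(s)+1 written,
 * so a caller passing n == strlen(s) overruns by exactly one byte. */
static int loop_copy_keeps_guard(const char *s, size_t n)
{
    char *rv = guarded_alloc(n), *t = rv;
    int ok;
    if (!rv) return -1;
    while ((*t = *s++) != 0) t++;
    ok = (unsigned char)rv[n] == GUARD;
    free(rv);
    return ok;
}

/* Length-driven copy: caller supplies the known length (no strlen), the
 * allocation includes the terminator, and memcpy replaces the loop. */
static int len_copy_keeps_guard(const char *s, size_t len)
{
    char *rv = guarded_alloc(len + 1);
    int ok;
    if (!rv) return -1;
    memcpy(rv, s, len);
    rv[len] = '\0';
    ok = (unsigned char)rv[len + 1] == GUARD && strcmp(rv, s) == 0;
    free(rv);
    return ok;
}

int main(void)
{
    static const char inf[] = "Infinity"; /* one of the constants named above */
    printf("loop, n=len:   %d\n", loop_copy_keeps_guard(inf, sizeof(inf) - 1));
    printf("loop, n=len+1: %d\n", loop_copy_keeps_guard(inf, sizeof(inf)));
    printf("memcpy, len:   %d\n", len_copy_keeps_guard(inf, sizeof(inf) - 1));
    return 0;
}
```

A return value of 0 means the guard byte was overwritten, which is the condition a debug heap reports as corruption when the block is freed.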
Updated by nobu (Nobuyoshi Nakada) almost 12 years ago
- Status changed from Open to Closed
- % Done changed from 0 to 100
This issue was solved with changeset r29010.
Peter, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.