Bug #3700

closed

Buffer overrun in util.c: ruby_hdtoa / nrv_alloc

Added by pweldon (Peter Weldon) over 13 years ago. Updated almost 13 years ago.

Status: Closed
Assignee: -
Target version:
ruby -v: ruby 1.9.3dev (2010-08-15) [i386-mswin32_100]
Backport:
[ruby-core:31725]

Description

util.c (ruby_hdtoa) causes buffer overrun in nrv_alloc when returning copies of constant strings ("0", "NaN", "Infinity"). Detected while running ruby 1.9.3dev (2010-08-15) [i386-mswin32_100], linked with debug CRT libs; heap corruption is detected while running test/ruby/test_sprintf.rb.

Patch attached:

  • consistent handling of const return strings in ruby_hdtoa, ruby_dtoa, using rv_strdup
  • avoid strlen in rv_strdup
  • remove hand-rolled memcpy in nrv_alloc

Files

  • i386-mswin32_100.txt (5.73 KB): Heap corruption call stack. pweldon (Peter Weldon), 08/16/2010 01:38 PM
  • util.c.patch (2.16 KB): util.c patch. pweldon (Peter Weldon), 08/16/2010 01:38 PM

#1

Updated by nobu (Nobuyoshi Nakada) over 13 years ago

  • Status changed from Open to Closed
  • % Done changed from 0 to 100

This issue was solved with changeset r29010.
Peter, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.
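
The bug class described in the report, as an added C example; it is not Ruby's util.c and not the attached patch, neither of which appears on this page. It assumes the overrun comes from a caller reserving too few bytes for a copy loop that also stores the terminating NUL; `buf_alloc`, `overrun_bytes`, `copy_sized` and `COPY_LITERAL` are hypothetical names.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for an allocator that returns exactly n bytes. */
static char *buf_alloc(size_t n) { return malloc(n); }

/* Bytes a hand-rolled "copy until NUL" loop stores, terminator included.
 * Computed without writing anything, so the overrun is measured safely. */
static size_t loop_copy_writes(const char *s)
{
    size_t n = 0;
    while (s[n] != '\0') n++;
    return n + 1;
}

/* Bytes written past the end when `reserved` bytes were allocated for s. */
static size_t overrun_bytes(const char *s, size_t reserved)
{
    size_t w = loop_copy_writes(s);
    return w > reserved ? w - reserved : 0;
}

/* Hardened copy: n is the full size including the NUL, and memcpy is bounded
 * by the allocation size rather than by the contents of the source. */
static char *copy_sized(const char *s, char **end, size_t n)
{
    char *rv;
    if (n == 0 || (rv = buf_alloc(n)) == NULL) return NULL;
    memcpy(rv, s, n - 1);
    rv[n - 1] = '\0';
    if (end) *end = rv + n - 1;   /* points at the terminator */
    return rv;
}

/* String literals only: sizeof counts the terminator and needs no strlen. */
#define COPY_LITERAL(lit, end) copy_sized("" lit, (end), sizeof(lit))

int main(void)
{
    char *end = NULL, *s = COPY_LITERAL("Infinity", &end);
    /* Constructed case: 1 byte reserved for "0" overruns by 1 byte. */
    int ok = s && end - s == 8 && overrun_bytes("0", 1) == 1;
    free(s);
    return ok ? 0 : 1;
}
```

A debug CRT heap, as used in the report, flags this kind of one-byte overwrite when the block is freed or the heap is validated.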
