Actions
Bug #3700
closedBuffer overrun in util.c: ruby_hdtoa / nrv_alloc
Description
=begin
util.c (ruby_hdtoa) causes buffer overrun in nrv_alloc when returning copies of constant strings ("0", "NaN", "Infinity"). Detected while running ruby 1.9.3dev (2010-08-15) [i386-mswin32_100], linked with debug crt libs, heap corruption is detected while running test/ruby/test_sprintf.rb.
Patch attached:
- consistently handling of const return strings in ruby_hdtoa, ruby_dtoa, using rv_strdup
- avoid strlen in rv_strdup
- remove handrolled memcpy in nrv_alloc
=end
Files
Actions
Like0
Like0