ruby-cvs:24685
From: shyouhei ruby-lang.org
Date: Fri, 20 Jun 2008 08:12:50 +0900 (JST)
Subject: [ruby-cvs:24685] Ruby:r17460 (ruby_1_8_6, trunk, ruby_1_8_5, ruby_1_8, ruby_1_8_7): * array.c (ary_new, rb_ary_initialize, rb_ary_store,
shyouhei 2008-06-20 08:12:46 +0900 (Fri, 20 Jun 2008)
New Revision: 17460
Modified files:
branches/ruby_1_8/ChangeLog
branches/ruby_1_8/array.c
branches/ruby_1_8/intern.h
branches/ruby_1_8/sprintf.c
branches/ruby_1_8/string.c
branches/ruby_1_8_5/ChangeLog
branches/ruby_1_8_5/array.c
branches/ruby_1_8_5/intern.h
branches/ruby_1_8_5/sprintf.c
branches/ruby_1_8_5/string.c
branches/ruby_1_8_5/version.h
branches/ruby_1_8_6/ChangeLog
branches/ruby_1_8_6/array.c
branches/ruby_1_8_6/intern.h
branches/ruby_1_8_6/sprintf.c
branches/ruby_1_8_6/string.c
branches/ruby_1_8_6/version.h
branches/ruby_1_8_7/ChangeLog
branches/ruby_1_8_7/array.c
branches/ruby_1_8_7/intern.h
branches/ruby_1_8_7/sprintf.c
branches/ruby_1_8_7/string.c
branches/ruby_1_8_7/version.h
trunk/ChangeLog
trunk/array.c
trunk/string.c
Log:
* array.c (ary_new, rb_ary_initialize, rb_ary_store,
rb_ary_aplice, rb_ary_times): integer overflows should be
checked. based on patches from Drew Yao <ayao at apple.com>
fixed CVE-2008-2726
* string.c (rb_str_buf_append): fixed unsafe use of alloca,
which led memory corruption. based on a patch from Drew Yao
<ayao at apple.com> fixed CVE-2008-2726
* sprintf.c (rb_str_format): backported from trunk.
* intern.h: ditto.
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/branches/ruby_1_8_6/intern.h?r1=17460&r2=17459&diff_format=u
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/branches/ruby_1_8_6/ChangeLog?r1=17460&r2=17459&diff_format=u
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/string.c?r1=17460&r2=17459&diff_format=u
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/array.c?r1=17460&r2=17459&diff_format=u
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/branches/ruby_1_8_6/version.h?r1=17460&r2=17459&diff_format=u
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/branches/ruby_1_8_5/sprintf.c?r1=17460&r2=17459&diff_format=u
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/branches/ruby_1_8/intern.h?r1=17460&r2=17459&diff_format=u
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/branches/ruby_1_8/ChangeLog?r1=17460&r2=17459&diff_format=u
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/ChangeLog?r1=17460&r2=17459&diff_format=u
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/branches/ruby_1_8/sprintf.c?r1=17460&r2=17459&diff_format=u
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/branches/ruby_1_8_7/ChangeLog?r1=17460&r2=17459&diff_format=u
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/branches/ruby_1_8_5/string.c?r1=17460&r2=17459&diff_format=u
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/branches/ruby_1_8_5/intern.h?r1=17460&r2=17459&diff_format=u
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/branches/ruby_1_8_6/sprintf.c?r1=17460&r2=17459&diff_format=u
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/branches/ruby_1_8_7/string.c?r1=17460&r2=17459&diff_format=u
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/branches/ruby_1_8_7/sprintf.c?r1=17460&r2=17459&diff_format=u
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/branches/ruby_1_8_5/version.h?r1=17460&r2=17459&diff_format=u
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/branches/ruby_1_8_5/array.c?r1=17460&r2=17459&diff_format=u
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/branches/ruby_1_8/array.c?r1=17460&r2=17459&diff_format=u
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/branches/ruby_1_8_6/string.c?r1=17460&r2=17459&diff_format=u
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/branches/ruby_1_8_6/array.c?r1=17460&r2=17459&diff_format=u
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/branches/ruby_1_8_7/version.h?r1=17460&r2=17459&diff_format=u
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/branches/ruby_1_8_7/intern.h?r1=17460&r2=17459&diff_format=u
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/branches/ruby_1_8_7/array.c?r1=17460&r2=17459&diff_format=u
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/branches/ruby_1_8_5/ChangeLog?r1=17460&r2=17459&diff_format=u
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/branches/ruby_1_8/string.c?r1=17460&r2=17459&diff_format=u