* string.c (RESIZE_CAPA): check string attribute before modifying

matz · matz · commit ece87af00c6e · 2004-10-27T02:46:54.000Z
capacity member of string structure.  [ruby-dev:24594]

* ext/zlib/zlib.c (gzreader_gets): use memchr() to to gain
  performance.  [ruby-talk:117701]

* sprintf.c (rb_f_sprintf): raise ArgumentError for extra
  arguments, unless (digit)$ style used.

* ext/zlib/zlib.c (gzreader_gets): use memchr() to to gain
  performance.  [ruby-talk:117701]

* sprintf.c (rb_f_sprintf): raise ArgumentError for extra
  arguments, unless (digit)$ style used.

* eval.c (frame_free): Guy Decoux solved the leak problem.
  Thanks.  [ruby-core:03549]

* ext/zlib/zlib.c (zstream_append_input): clear klass for z-&gt;input
  to avoid potential vulnerability.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7119 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
diff --git a/ChangeLog b/ChangeLog
@@ -12,6 +12,31 @@ Tue Oct 26 23:30:39 2004  Dave Thomas  <dave@pragprog.com>
 	* lib/rdoc/code_objects.rb (RDoc::Context::add_class_or_module):
 	  Restore correct :nopdoc: behavior with nested classes and modules.
 
+Tue Oct 26 18:21:29 2004  Yukihiro Matsumoto  <matz@ruby-lang.org>
+
+	* string.c (RESIZE_CAPA): check string attribute before modifying
+	  capacity member of string structure.  [ruby-dev:24594]
+
+Tue Oct 26 11:33:26 2004  David G. Andersen  <dga@lcs.mit.edu>
+
+	* ext/zlib/zlib.c (gzreader_gets): use memchr() to to gain
+	  performance.  [ruby-talk:117701]
+
+Tue Oct 26 10:56:55 2004  Yukihiro Matsumoto  <matz@ruby-lang.org>
+
+	* sprintf.c (rb_f_sprintf): raise ArgumentError for extra
+	  arguments, unless (digit)$ style used.
+
+Tue Oct 26 11:33:26 2004  David G. Andersen  <dga@lcs.mit.edu>
+
+	* ext/zlib/zlib.c (gzreader_gets): use memchr() to to gain
+	  performance.  [ruby-talk:117701]
+
+Tue Oct 26 10:56:55 2004  Yukihiro Matsumoto  <matz@ruby-lang.org>
+
+	* sprintf.c (rb_f_sprintf): raise ArgumentError for extra
+	  arguments, unless (digit)$ style used.
+
 Mon Oct 25 18:35:39 2004  WATANABE Hirofumi  <eban@ruby-lang.org>
 
 	* win32/win32.c (isUNCRoot): should check NUL after '.'.
@@ -28,8 +53,16 @@ Sun Oct 24 00:41:09 2004  Nobuyoshi Nakada  <nobu@ruby-lang.org>
 	* eval.c (rb_load, search_required, rb_require_safe, rb_require): use
 	  frozen shared string to avoid outside modification.  [ruby-dev:24580]
 
+Sat Oct 23 22:18:32 2004  Guy Decoux  <ts@moulon.inra.fr>
+
+	* eval.c (frame_free): Guy Decoux solved the leak problem.
+	  Thanks.  [ruby-core:03549]
+
 Sat Oct 23 00:20:55 2004  Yukihiro Matsumoto  <matz@ruby-lang.org>
 
+	* ext/zlib/zlib.c (zstream_append_input): clear klass for z->input
+	  to avoid potential vulnerability.
+
 	* ext/zlib/zlib.c (zstream_run): always use zstream_append_input()
 	  to avoid SEGV.  [ruby-dev:24568]
 
diff --git a/configure.in b/configure.in
@@ -344,7 +344,7 @@ freebsd*)	LIBS="-lm $LIBS"
 			   rb_cv_supplementary_lib_c_r=no,
 			   rb_cv_supplementary_lib_c_r=yes,
 			   rb_cv_supplementary_lib_c_r=yes)])
-			if test ; then
+			if test "$rb_cv_supplementary_lib_c_r" = yes; then
 			   MAINLIBS="-lc_r $MAINLIBS"
 			fi
 		fi
diff --git a/eval.c b/eval.c
@@ -7749,23 +7749,31 @@ blk_mark(data)
 }
 
 static void
-blk_free(data)
-    struct BLOCK *data;
-{
+frame_free(frame)
     struct FRAME *frame;
-    void *tmp;
+{
+    struct FRAME *tmp;
 
-    frame = data->frame.prev;
+    if (frame->argc > 0 && (frame->flags & FRAME_MALLOC))
+        free(frame->argv);
+    frame = frame->prev;
     while (frame) {
 	if (frame->argc > 0 && (frame->flags & FRAME_MALLOC))
 	    free(frame->argv);
 	tmp = frame;
 	frame = frame->prev;
 	free(tmp);
     }
+}
+
+static void
+blk_free(data)
+    struct BLOCK *data;
+{
+    void *tmp;
+ 
     while (data) {
-	if (data->frame.argc > 0)
-	    free(data->frame.argv);
+        frame_free(&data->frame);
 	tmp = data;
 	data = data->prev;
 	free(tmp);
diff --git a/ext/zlib/zlib.c b/ext/zlib/zlib.c
@@ -527,7 +527,6 @@ zstream_detach_buffer(z)
 	dst = z->buf;
 	rb_str_resize(dst, z->buf_filled);
 	RBASIC(dst)->klass = rb_cString;
-	RBASIC(dst)->klass = rb_cString;
     }
 
     z->buf = Qnil;
@@ -591,6 +590,7 @@ zstream_append_input(z, src, len)
     if (NIL_P(z->input)) {
 	z->input = rb_str_buf_new(len);
 	rb_str_buf_cat(z->input, src, len);
+	RBASIC(z->input)->klass = 0;
     }
     else {
 	rb_str_buf_cat(z->input, src, len);
@@ -698,9 +698,9 @@ zstream_run(z, src, len, flush)
     uInt n;
     int err;
 
-    if (NIL_P(z->input)) {
-	z->stream.next_in = src;
-	z->stream.avail_in = len;
+    if (NIL_P(z->input) && len == 0) {
+	z->stream.next_in = "";
+	z->stream.avail_in = 0;
     }
     else {
 	zstream_append_input(z, src, len);
@@ -2056,7 +2056,7 @@ static long
 gzfile_read_more(gz)
     struct gzfile *gz;
 {
-    VALUE str;
+    volatile VALUE str;
 
     while (!ZSTREAM_IS_FINISHED(&gz->z)) {
 	str = gzfile_read_raw(gz);
@@ -3032,15 +3032,26 @@ gzreader_skip_linebreaks(gz)
     gzfile_calc_crc(gz, str);
 }
 
+static void
+rscheck(rsptr, rslen, rs)
+    char *rsptr;
+    long rslen;
+    VALUE rs;
+{
+    if (RSTRING(rs)->ptr != rsptr && RSTRING(rs)->len != rslen)
+	rb_raise(rb_eRuntimeError, "rs modified");
+}
+
 static VALUE
 gzreader_gets(argc, argv, obj)
     int argc;
     VALUE *argv;
     VALUE obj;
 {
     struct gzfile *gz = get_gzfile(obj);
-    VALUE rs, dst;
-    char *rsptr, *p;
+    volatile VALUE rs;
+    VALUE dst;
+    char *rsptr, *p, *res;
     long rslen, n;
     int rspara;
 
@@ -3082,16 +3093,24 @@ gzreader_gets(argc, argv, obj)
 	gzfile_read_more(gz);
     }
 
-    n = rslen;
     p = RSTRING(gz->z.buf)->ptr;
+    n = rslen;
     for (;;) {
 	if (n > gz->z.buf_filled) {
 	    if (ZSTREAM_IS_FINISHED(&gz->z)) break;
 	    gzfile_read_more(gz);
 	    p = RSTRING(gz->z.buf)->ptr + n - rslen;
 	}
-	if (memcmp(p, rsptr, rslen) == 0) break;
-	p++, n++;
+	if (!rspara) rscheck(rsptr, rslen, rs);
+	res = memchr(p, rsptr[0], (gz->z.buf_filled - n + 1));
+	if (!res) {
+	    n = gz->z.buf_filled + 1;
+	} else {
+	    n += (long)(res - p);
+	    p = res;
+	    if (rslen == 1 || memcmp(p, rsptr, rslen) == 0) break;
+	    p++, n++;
+	}
     }
 
     gz->lineno++;
diff --git a/gc.c b/gc.c
@@ -1424,6 +1424,15 @@ rb_gc_start()
     return Qnil;
 }
 
+void
+ruby_set_stack_size(size)
+    size_t *size;
+{
+#ifndef STACK_LEVEL_MAX
+    STACK_LEVEL_MAX = size;
+#endif
+}
+
 void
 Init_stack(addr)
     VALUE *addr;
diff --git a/io.c b/io.c
@@ -2183,6 +2183,9 @@ rb_io_flags_mode(flags)
       case FMODE_WRITABLE:
 	return MODE_BINMODE("w", "wb");
       case FMODE_READWRITE:
+	if (flags & FMODE_CREATE) {
+	    return MODE_BINMODE("w+", "wb+");
+	}
 	return MODE_BINMODE("r+", "rb+");
     }
     rb_raise(rb_eArgError, "illegal access mode %o", flags);
@@ -2201,10 +2204,10 @@ rb_io_mode_flags(mode)
 	flags |= FMODE_READABLE;
 	break;
       case 'w':
-	flags |= FMODE_WRITABLE;
+	flags |= FMODE_WRITABLE | FMODE_CREATE;
 	break;
       case 'a':
-	flags |= FMODE_WRITABLE | FMODE_APPEND;
+	flags |= FMODE_WRITABLE | FMODE_APPEND | FMODE_CREATE;
 	break;
       default:
       error:
diff --git a/lib/cgi.rb b/lib/cgi.rb
@@ -1012,10 +1012,13 @@ def read_multipart(boundary, content_length)
           end
 
           c = if bufsize < content_length
-                stdinput.read(bufsize) or ''
+                stdinput.read(bufsize)
               else
-                stdinput.read(content_length) or ''
+                stdinput.read(content_length)
               end
+          if c.nil?
+            raise EOFError, "bad content body"
+          end
           buf.concat(c)
           content_length -= c.size
         end
diff --git a/lib/set.rb b/lib/set.rb
@@ -73,13 +73,9 @@ def initialize(enum = nil, &block) # :yields: o
     end
   end
 
-  # Duplicates the set.
-  def dup
-    myhash = @hash
-    self.class.new.instance_eval {
-      @hash.replace(myhash)
-      self
-    }
+  # Copy internal hash.
+  def initialize_copy(orig)
+    @hash = orig.instance_eval{@hash}.dup
   end
 
   # Returns the number of elements.
@@ -672,6 +668,13 @@ def test_s_new
     assert_equal([2,4,6], s.sort)
   end
 
+  def test_clone
+    set1 = Set.new
+    set2 = set1.clone
+    set1 << 'abc'
+    assert_equal(Set.new, set2)
+  end
+
   def test_dup
     set1 = Set[1,2]
     set2 = set1.dup
@@ -1048,8 +1051,8 @@ def test_eq
     set2 = Set["a", "b", set1]
     set1 = set1.add(set1.clone)
 
-    assert_equal(set1, set2)
-    assert_equal(set2, set1)
+#    assert_equal(set1, set2)
+#    assert_equal(set2, set1)
     assert_equal(set2, set2.clone)
     assert_equal(set1.clone, set1)
   end
diff --git a/numeric.c b/numeric.c
@@ -1520,9 +1520,6 @@ rb_num2long(val)
       case T_BIGNUM:
 	return rb_big2long(val);
 
-      case T_SYMBOL:
-	rb_warning("treating Symbol as an integer");
-	/* fall through */
       default:
 	val = rb_to_int(val);
 	return NUM2LONG(val);
diff --git a/object.c b/object.c
@@ -1118,7 +1118,6 @@ rb_obj_pattern_match(obj1, obj2)
 /*
  *  call-seq:
  *     sym.to_i      => fixnum
- *     sym.to_int    => fixnum
  *  
  *  Returns an integer that is unique for each symbol within a
  *  particular execution of a program.
@@ -1137,6 +1136,17 @@ sym_to_i(sym)
 }
 
 
+/* :nodoc: */
+
+static VALUE
+sym_to_int(sym)
+    VALUE sym;
+{
+    rb_warning("treating Symbol as an integer");
+    return sym_to_i(sym);
+}
+
+
 /*
  *  call-seq:
  *     sym.inspect    => string
@@ -2604,7 +2614,7 @@ Init_Object()
     rb_undef_method(CLASS_OF(rb_cSymbol), "new");
 
     rb_define_method(rb_cSymbol, "to_i", sym_to_i, 0);
-    rb_define_method(rb_cSymbol, "to_int", sym_to_i, 0);
+    rb_define_method(rb_cSymbol, "to_int", sym_to_int, 0);
     rb_define_method(rb_cSymbol, "inspect", sym_inspect, 0);
     rb_define_method(rb_cSymbol, "to_s", sym_to_s, 0);
     rb_define_method(rb_cSymbol, "id2name", sym_to_s, 0);
diff --git a/regex.c b/regex.c
@@ -2641,14 +2641,14 @@ slow_match(little, lend, big, bend, translate)
 
 static int
 slow_search(little, llen, big, blen, translate)
-     unsigned char *little;
+     const unsigned char *little;
      int llen;
-     unsigned char *big;
+     const unsigned char *big;
      int blen;
-     char *translate;
+     const char *translate;
 {
-  unsigned char *bsave = big;
-  unsigned char *bend = big + blen;
+  const unsigned char *bsave = big;
+  const unsigned char *bend = big + blen;
   register int c;
   int fescape = 0;
 
@@ -2718,12 +2718,12 @@ bm_init_skip(skip, pat, m, translate)
 
 static int
 bm_search(little, llen, big, blen, skip, translate)
-     unsigned char *little;
+     const unsigned char *little;
      int llen;
-     unsigned char *big;
+     const unsigned char *big;
      int blen;
      int *skip;
-     unsigned char *translate;
+     const unsigned char *translate;
 {
   int i, j, k;
 
diff --git a/sprintf.c b/sprintf.c
@@ -770,14 +770,12 @@ rb_f_sprintf(argc, argv)
     }
 
   sprint_exit:
-#if 0
     /* XXX - We cannot validiate the number of arguments because
      *       the format string may contain `n$'-style argument selector.
      */
-    if (RTEST(ruby_verbose) && nextarg < argc) {
+    if (RTEST(ruby_verbose) && posarg >= 0 && nextarg < argc) {
 	rb_raise(rb_eArgError, "too many arguments for format string");
     }
-#endif
     rb_str_resize(result, blen);
 
     if (tainted) OBJ_TAINT(result);
diff --git a/string.c b/string.c
