* sprintf.c (rb_str_format): fix buffer overflow.

git-svn-id: http://svn.ruby-lang.org/repos/ruby/trunk@20921 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
author: mame <mame@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2008-12-22 15:18:12 +0000
committer: mame <mame@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2008-12-22 15:18:12 +0000
commit: 1ae2fd82cbd1e2017bed844b74de39f7e9368cc6 (patch)
tree: a12e4d262e3a4bacec7f32ab34aa283b58847658
parent: 129257f0bdf805ebd0a0349a89bccad3d02683ec (diff)
download: ruby-1ae2fd82cbd1e2017bed844b74de39f7e9368cc6.tar.gz
ruby-1ae2fd82cbd1e2017bed844b74de39f7e9368cc6.tar.xz
ruby-1ae2fd82cbd1e2017bed844b74de39f7e9368cc6.zip
2 files changed, 6 insertions, 2 deletions
diff --git a/ChangeLog b/ChangeLog
index da6066a24..c765976b8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+Tue Dec 23 00:16:48 2008  Yusuke Endoh  <mame@tsg.ne.jp>
+
+	* sprintf.c (rb_str_format): fix buffer overflow.
+
 Mon Dec 22 19:31:19 2008  Yuki Sonoda (Yugui)  <yugui@yugui.jp>
 
 	* common.mk (revision.h): uses tool/file2lastrev.rb to support
diff --git a/sprintf.c b/sprintf.c
index 1195f9b17..cc8f097e5 100644
--- a/sprintf.c
+++ b/sprintf.c
@@ -979,8 +979,8 @@ rb_str_format(int argc, const VALUE *argv, VALUE fmt)
 		    if ((flags & FWIDTH) && need < width)
 			need = width;
 
-		    CHECK(need);
-		    snprintf(&buf[blen], need, "%*s", need, "");
+		    CHECK(need + 1);
+		    snprintf(&buf[blen], need + 1, "%*s", need, "");
 		    if (flags & FMINUS) {
 			if (!isnan(fval) && fval < 0.0)
 			    buf[blen++] = '-';
author	mame <mame@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2008-12-22 15:18:12 +0000
committer	mame <mame@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2008-12-22 15:18:12 +0000
commit	1ae2fd82cbd1e2017bed844b74de39f7e9368cc6 (patch)
tree	a12e4d262e3a4bacec7f32ab34aa283b58847658
parent	129257f0bdf805ebd0a0349a89bccad3d02683ec (diff)
download	ruby-1ae2fd82cbd1e2017bed844b74de39f7e9368cc6.tar.gz ruby-1ae2fd82cbd1e2017bed844b74de39f7e9368cc6.tar.xz ruby-1ae2fd82cbd1e2017bed844b74de39f7e9368cc6.zip