author | matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2003-12-21 15:38:01 +0000 |
---|---|---|
committer | matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2003-12-21 15:38:01 +0000 |
commit | 7c69eb0ef175e8c4667456bd34255c5e2cc62699 (patch) | |
tree | ec1ea3bdec11df1b37063937b549eedb4048638d /ext/syck/emitter.c | |
parent | 8d6fe2f3491c98792ebb72727fa66c0aa2d33497 (diff) | |
* ext/syck/emitter.c (syck_emitter_write): str bigger than
e->bufsize causes buffer overflow. [ruby-dev:22307]
git-svn-id: http://svn.ruby-lang.org/repos/ruby/trunk@5239 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'ext/syck/emitter.c')
-rw-r--r-- | ext/syck/emitter.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/ext/syck/emitter.c b/ext/syck/emitter.c
index 1cc0ea507..4dcc8b3fc 100644
--- a/ext/syck/emitter.c
+++ b/ext/syck/emitter.c
@@ -232,9 +232,18 @@ syck_emitter_write( SyckEmitter *e, char *str, long len )
 * Flush if at end of buffer
 */
 at = e->marker - e->buffer;
- if ( len + at > e->bufsize )
+ if ( len + at >= e->bufsize )
 {
 syck_emitter_flush( e, 0 );
+ for (;;) {
+ long rest = e->bufsize - (e->marker - e->buffer);
+ if (len <= rest) break;
+ S_MEMCPY( e->marker, str, char, rest );
+ e->marker += len;
+ str += rest;
+ len -= rest;
+ syck_emitter_flush( e, 0 );
+ }
 }
 
 /* |
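Review bot: In the added loop, `e->marker += len;` advances the marker by the full remaining length although the preceding S_MEMCPY copied only `rest` bytes, so on this path (where len > rest) the marker ends up past the end of e->buffer. syck_emitter_flush is not visible here, but if it sizes its write from `e->marker - e->buffer` it would read beyond the buffer, which brings back the kind of out-of-bounds access this commit is meant to close. The line should read `e->marker += rest;`, matching the adjustments made to `str` and `len`. The hunk also shows no check that `len` is non-negative before the arithmetic; syck_emitter_write starts and ends outside the hunk, so such a check may exist elsewhere.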