From 49a990604744d073ce9cafe10f1c1587b6d771c5 Mon Sep 17 00:00:00 2001
From: matz
Date: Thu, 16 Aug 2007 22:22:24 +0000
Subject: * bignum.c (bigtrunc): RBIGNUM(x)->len may be zero. out of bound access. [ruby-dev:31404]
* sprintf.c (rb_str_format): small float should not call rb_dbl2big().
git-svn-id: http://svn.ruby-lang.org/repos/ruby/trunk@13074 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
.gdbinit | 2 +-
ChangeLog | 8 ++++++++
bignum.c | 1 +
sprintf.c | 4 ++++
4 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/.gdbinit b/.gdbinit
index 9d3d45559..f54a38fb1 100644
--- a/.gdbinit
+++ b/.gdbinit
@@ -2,7 +2,7 @@ define rp
if (VALUE)$arg0 & 1 printf "FIXNUM: %d\n", $arg0 >> 1 else - if ((VALUE)$arg0 & ~(~(VALUE)0<> 8 else if $arg0 == 0
diff --git a/ChangeLog b/ChangeLog
index 018b7cfc3..90741ec75 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -18,6 +18,14 @@ Fri Aug 17 01:21:29 2007 Koichi Sasada
* insns.def (throw): insert a RUBY_VM_CHECK_INTS(). [ruby-dev:31361]
+Thu Aug 16 20:40:50 2007 Yukihiro Matsumoto
+
+ * bignum.c (bigtrunc): RBIGNUM(x)->len may be zero. out of bound
+ access. [ruby-dev:31404]
+
+ * sprintf.c (rb_str_format): small float should not call
+ rb_dbl2big().
+
Thu Aug 16 22:10:06 2007 Koichi Sasada
+ * compile.c (iseq_compile_each): fix next/redo stack consistency.
diff --git a/bignum.c b/bignum.c
index fc7329b5e..fcfe64983 100644
--- a/bignum.c
+++ b/bignum.c
@@ -97,6 +97,7 @@ bigtrunc(VALUE x)
long len = RBIGNUM(x)->len;
BDIGIT *ds = BDIGITS(x);
+ if (len == 0) return x;
while (--len && !ds[len]);
RBIGNUM(x)->len = ++len;
return x;
diff --git a/sprintf.c b/sprintf.c
index 78438bf55..1c60837e7 100644
--- a/sprintf.c
+++ b/sprintf.c
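Review bot: After the added `if (len == 0) return x;` in bigtrunc, a zero-length bignum leaves with len still 0, while a multi-digit all-zero array is normalized by the following loop to len 1 (the loop stops when `--len` reaches 0 without reading ds[0], and `++len` stores 1), so zero now has two possible lengths coming out of this function; whether callers test len against 0 or 1 cannot be seen from the hunk and is worth confirming. The guard itself is right for the defect the commit fixes: with len 0 the old `--len` became -1 and `!ds[len]` read before the start of the digit array. A short comment would make the reason visible, e.g. `/* no digits to scan; the loop below would index ds[-1] */`. The empty-body `while (--len && !ds[len]);` is easy to misread as a loop whose body is the next statement; `while (--len && !ds[len]) {}` or a `/* empty */` marker on that line would make the intent explicit. bigtrunc's opening line is above the hunk.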
@@ -522,6 +522,10 @@ rb_str_format(int argc, const VALUE *argv, VALUE fmt)
bin_retry:
switch (TYPE(val)) {
case T_FLOAT:
+ if (FIXABLE((long)RFLOAT(val)->value)) {
+ val = LONG2FIX((long)RFLOAT(val)->value);
+ goto bin_retry;
+ }
val = rb_dbl2big(RFLOAT(val)->value);
if (FIXNUM_P(val)) goto bin_retry;
bignum = 1;
-- 
cgit
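Review bot: The added check `FIXABLE((long)RFLOAT(val)->value)` converts the double to long before testing the range, and converting a double whose truncated value does not fit in long (large magnitudes, infinities, NaN) is undefined behavior in C, so the range test runs on an unspecified value; on x86-64 the conversion typically yields LONG_MIN, which is not FIXABLE and falls through to rb_dbl2big() as before, but the hunk should not depend on that. Test the range on the double and cast only once it is known to fit: `double d = RFLOAT(val)->value;` / `if (FIXABLE(d)) {` / `val = LONG2FIX((long)d);` — this assumes FIXABLE's comparisons accept a floating-point operand, which cannot be confirmed from the hunk. With that form a NaN fails both comparisons and still reaches rb_dbl2big() as it does today, so the existing handling of non-finite values is unchanged. rb_str_format begins and ends outside the hunk.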