file.c: fix buffer overflow

* file.c (rb_readlink): fix buffer overflow on a long symlink. since
  rb_str_modify_expand() expands from its length but not its capacity,
  need to set the length properly for each expansion.
  [ruby-core:58592] [Bug #9157]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@43853 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

ChangeLog

@@ -1,3 +1,10 @@
+Tue Nov 26 16:30:31 2013  Nobuyoshi Nakada  <nobu@ruby-lang.org>
+
+	* file.c (rb_readlink): fix buffer overflow on a long symlink. since
+	  rb_str_modify_expand() expands from its length but not its capacity,
+	  need to set the length properly for each expansion.
+	  [ruby-core:58592] [Bug #9157]
+
 Tue Nov 26 14:23:17 2013  Aman Gupta <ruby@tmm1.net>
 
 	* ext/objspace/objspace_dump.c (dump_append_string_value): Escape

file.c

@@ -2618,6 +2618,7 @@ rb_readlink(VALUE path)
 	) {
 	rb_str_modify_expand(v, size);
 	size *= 2;
+	rb_str_set_len(v, size);
     }
     if (rv < 0) {
 	rb_str_resize(v, 0);

test/ruby/test_file_exhaustive.rb

@@ -391,6 +391,24 @@ class TestFileExhaustive < Test::Unit::TestCase
   rescue NotImplementedError
   end
 
+  def test_readlink_long_path
+    return unless @symlinkfile
+    bug9157 = '[ruby-core:58592] [Bug #9157]'
+    assert_separately(["-", @symlinkfile, bug9157], <<-"end;")
+      symlinkfile, bug9157 = *ARGV
+      100.step(1000, 100) do |n|
+        File.unlink(symlinkfile)
+        link = "foo"*n
+        begin
+          File.symlink(link, symlinkfile)
+        rescue Errno::ENAMETOOLONG
+          break
+        end
+        assert_equal(link, File.readlink(symlinkfile), bug9157)
+      end
+    end;
+  end
+
   def test_unlink
     assert_equal(1, File.unlink(@file))
     make_file("foo", @file)