From f31bb33a3b169a26a1336b497284b59f6808610a Mon Sep 17 00:00:00 2001
From: nobu
Date: Mon, 20 Mar 2017 01:33:08 +0000
Subject: [PATCH] sprintf.c: string limits
* sprintf.c (ruby__sfvwrite): use long instead of size_t due to string limits.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58033 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 sprintf.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/sprintf.c b/sprintf.c
index cdc2d2d738..0438b5e32c 100644
--- a/sprintf.c
+++ b/sprintf.c
@@ -1301,14 +1301,19 @@ ruby__sfvwrite(register rb_printf_buffer *fp, register struct __suio *uio)
 struct __siov *iov;
 VALUE result = (VALUE)fp->_bf._base;
 char *buf = (char*)fp->_p;
- size_t len, n;
- size_t blen = buf - RSTRING_PTR(result), bsiz = fp->_w;
+ long len, n;
+ long blen = buf - RSTRING_PTR(result), bsiz = fp->_w;
 if (RBASIC(result)->klass) {
 rb_raise(rb_eRuntimeError, "rb_vsprintf reentered");
 }
- if ((len = uio->uio_resid) == 0)
+ if (uio->uio_resid == 0)
 return 0;
+#if SIZE_MAX > LONG_MAX
+ if (uio->uio_resid >= LONG_MAX)
+ rb_raise(rb_eRuntimeError, "too big string");
+#endif
+ len = (long)uio->uio_resid;
 CHECK(len);
 buf += blen;
 fp->_w = bsiz;
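Review bot: The new range check on `uio->uio_resid` is compiled in only when the preprocessor evaluates `SIZE_MAX > LONG_MAX` as true, and an undefined `SIZE_MAX` is treated as 0 inside `#if`, which would silently drop the check and leave the `(long)uio->uio_resid` cast unguarded. The headers that define these macros are not visible in this hunk, so this needs confirming for every supported toolchain; writing the guard as `#if !defined(SIZE_MAX) || SIZE_MAX > LONG_MAX` keeps the check when the macro is missing. `n` also changes from `size_t` to `long` and is only used outside the hunk, so any later assignment from a per-iovec length presumably relies on each length being no larger than the checked total; a comment such as `/* each iov_len <= uio_resid, which was range-checked above */` at that assignment would record the invariant. The body of `ruby__sfvwrite` starts and ends outside the hunk, and `CHECK` is defined elsewhere, so how `blen + len` is handled near `LONG_MAX` cannot be judged from here.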