Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:42.3
ruby2.2
0004-manual-backport-for-CVE-2016-2339.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0004-manual-backport-for-CVE-2016-2339.patch of Package ruby2.2
From 82c431b6285e279398bb744e07bf68d334ab8d88 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcus=20R=C3=BCckert?= <mrueckert@suse.de> Date: Thu, 9 Mar 2017 17:05:41 +0100 Subject: [PATCH 4/5] manual backport for CVE-2016-2339 --- ext/fiddle/function.c | 49 +++++++++++++++++++++++++++++++++---------------- 1 file changed, 33 insertions(+), 16 deletions(-) diff --git a/ext/fiddle/function.c b/ext/fiddle/function.c index e0da8b69cb..5203fd5e9a 100644 --- a/ext/fiddle/function.c +++ b/ext/fiddle/function.c @@ -14,12 +14,16 @@ VALUE cFiddleFunction; #define MAX_ARGS (SIZE_MAX / (sizeof(void *) + sizeof(fiddle_generic)) - 1) #define Check_Max_Args(name, len) \ + Check_Max_Args_(name, len, "") +#define Check_Max_Args_Long(name, len) \ + Check_Max_Args_(name, len, "l") +#define Check_Max_Args_(name, len, fmt) \ if ((size_t)(len) < MAX_ARGS) { \ /* OK */ \ } \ else { \ rb_raise(rb_eTypeError, \ - name" is so large that it can cause integer overflow (%d)", \ + name" is so large that it can cause integer overflow (%"fmt"d)", \ (len)); \ } @@ -87,16 +91,34 @@ static VALUE initialize(int argc, VALUE argv[], VALUE self) { ffi_cif * cif; - ffi_type **arg_types; + ffi_type **arg_types, *rtype; ffi_status result; - VALUE ptr, args, ret_type, abi, kwds; - int i; + VALUE ptr, args, ret_type, abi, kwds, ary; + int i, len; + int nabi; + void *cfunc; rb_scan_args(argc, argv, "31:", &ptr, &args, &ret_type, &abi, &kwds); - if(NIL_P(abi)) abi = INT2NUM(FFI_DEFAULT_ABI); + ptr = rb_Integer(ptr); + cfunc = NUM2PTR(ptr); + PTR2NUM(cfunc); + nabi = NIL_P(abi) ? FFI_DEFAULT_ABI : NUM2INT(abi); + abi = INT2FIX(nabi); + i = NUM2INT(ret_type); + rtype = INT2FFI_TYPE(i); + ret_type = INT2FIX(i); Check_Type(args, T_ARRAY); - Check_Max_Args("args", RARRAY_LENINT(args)); + len = RARRAY_LENINT(args); + Check_Max_Args("args", len); + ary = rb_ary_subseq(args, 0, len); + for (i = 0; i < RARRAY_LEN(args); i++) { + VALUE a = RARRAY_PTR(args)[i]; + int type = NUM2INT(a); + (void)INT2FFI_TYPE(type); /* raise */ + if (INT2FIX(type) != a) rb_ary_store(ary, i, INT2FIX(type)); + } + OBJ_FREEZE(ary); rb_iv_set(self, "@ptr", ptr); rb_iv_set(self, "@args", args); @@ -107,20 +129,15 @@ initialize(int argc, VALUE argv[], VALUE self) TypedData_Get_Struct(self, ffi_cif, &function_data_type, cif); - arg_types = xcalloc(RARRAY_LEN(args) + 1, sizeof(ffi_type *)); + arg_types = xcalloc(len + 1, sizeof(ffi_type *)); for (i = 0; i < RARRAY_LEN(args); i++) { - int type = NUM2INT(RARRAY_PTR(args)[i]); + int type = NUM2INT(RARRAY_AREF(args, i)); arg_types[i] = INT2FFI_TYPE(type); } - arg_types[RARRAY_LEN(args)] = NULL; - - result = ffi_prep_cif ( - cif, - NUM2INT(abi), - RARRAY_LENINT(args), - INT2FFI_TYPE(NUM2INT(ret_type)), - arg_types); + arg_types[len] = NULL; + + result = ffi_prep_cif(cif, nabi, len, rtype, arg_types); if (result) rb_raise(rb_eRuntimeError, "error creating CIF %d", result); -- 2.12.0
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor