Revision: 3773 http://trac.macosforge.org/projects/ruby/changeset/3773 Author: martinlagardette@apple.com Date: 2010-03-16 15:04:35 -0700 (Tue, 16 Mar 2010) Log Message: ----------- Avoid buffer overflow in helper_sel - Make sure we do not write more than allocated in the static buffer by checking the size of the selector. Return (SEL)0 (aka "no helper selector found") if the selector len is too big. - Fixes 7682623 Modified Paths: -------------- MacRuby/trunk/dispatcher.cpp Modified: MacRuby/trunk/dispatcher.cpp =================================================================== --- MacRuby/trunk/dispatcher.cpp 2010-03-16 20:46:19 UTC (rev 3772) +++ MacRuby/trunk/dispatcher.cpp 2010-03-16 22:04:35 UTC (rev 3773) @@ -194,7 +194,11 @@ SEL new_sel = 0; char buf[100]; - assert(len < sizeof(buf)); + // Avoid buffer overflow + // len + "sel" + ':' + '\0' + if ((len + 5) > sizeof(buf)) { + return (SEL)0; + } if (len >= 3 && isalpha(p[len - 3]) && p[len - 2] == '=' && p[len - 1] == ':') {