[macruby-changes] [3773] MacRuby/trunk/dispatcher.cpp
source_changes at macosforge.org
Tue Mar 16 15:04:37 PDT 2010
Revision: 3773
http://trac.macosforge.org/projects/ruby/changeset/3773
Author: martinlagardette at apple.com
Date: 2010-03-16 15:04:35 -0700 (Tue, 16 Mar 2010)
Log Message:
-----------
Avoid buffer overflow in helper_sel
- Make sure we do not write more than allocated in the static buffer by checking the size of the selector. Return (SEL)0 (aka "no helper selector found") if the selector len is too big.
- Fixes 7682623
Modified Paths:
--------------
MacRuby/trunk/dispatcher.cpp
Modified: MacRuby/trunk/dispatcher.cpp
===================================================================
--- MacRuby/trunk/dispatcher.cpp 2010-03-16 20:46:19 UTC (rev 3772)
+++ MacRuby/trunk/dispatcher.cpp 2010-03-16 22:04:35 UTC (rev 3773)
@@ -194,7 +194,11 @@
SEL new_sel = 0;
char buf[100];
- assert(len < sizeof(buf));
+ // Avoid buffer overflow
+ // len + "sel" + ':' + '\0'
+ if ((len + 5) > sizeof(buf)) {
+ return (SEL)0;
+ }
if (len >= 3 && isalpha(p[len - 3]) && p[len - 2] == '='
&& p[len - 1] == ':') {
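Review bot: the `5` in `if ((len + 5) > sizeof(buf))` is a magic number justified only by the comment above it (`"sel"` + `':'` + `'\0'`), so the check can drift out of step with the code that later writes into `buf` if a longer prefix is ever added. Consider deriving the margin from the literal (for example `sizeof("sel:")`) or bounding each copy at the write site with `sizeof(buf)`. Writing the test as `len > sizeof(buf) - 5` would also keep the arithmetic on the constant side, so it cannot wrap whatever the type of `len` is, which is not visible in this hunk. Replacing the `assert` with a runtime return is the right move, since an `assert` disappears when NDEBUG is defined, but the silent `return (SEL)0;` deserves a short comment noting that callers treat it as "no helper selector found".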