archive/ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2025-08-15 13:39:04 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Fix stack buffer overflow

Browse source 
https://hackerone.com/reports/1306859
This commit is contained in:
Nobuyoshi Nakada 2021-08-17 22:01:57 +09:00
parent 9873af0b1a
commit bcc2bb28b0
Notes: git 2021-12-10 01:05:21 +09:00
2 changed files with 5 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

7
random.c
View file

@ -365,15 +365,12 @@ rand_init(const rb_random_interface_t *rng, rb_random_t *rnd, VALUE seed)
int sign;
len = rb_absint_numwords(seed, 32, NULL);
if (len == 0) len = 1;
buf = ALLOCV_N(uint32_t, buf0, len);
sign = rb_integer_pack(seed, buf, len, sizeof(uint32_t), 0,
INTEGER_PACK_LSWORD_FIRST|INTEGER_PACK_NATIVE_BYTE_ORDER);
if (sign < 0)
sign = -sign;
if (len == 0) {
buf[0] = 0;
len = 1;
}
if (len > 1) {
if (sign != 2 && buf[len-1] == 1) /* remove leading-zero-guard */
len--;
@ -883,7 +880,7 @@ rand_mt_init(rb_random_t *rnd, const uint32_t *buf, size_t len)
{
struct MT *mt = &((rb_random_mt_t *)rnd)->mt;
if (len <= 1) {
init_genrand(mt, buf[0]);
init_genrand(mt, len ? buf[0] : 0);
}
else {
init_by_array(mt, buf, (int)len);