rb_ary_splice, rb_ary_times): integer overflows should be
checked. based on patches from Drew Yao <ayao at apple.com>
fixed CVE-2008-2726
* string.c (rb_str_buf_append): fixed unsafe use of alloca,
which led to memory corruption. based on a patch from Drew Yao
<ayao at apple.com> fixed CVE-2008-2726
* sprintf.c (rb_str_format): backported from trunk.
* intern.h: ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@17460 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
value is specified as step. [rubyspec]
(range_step): Make use of String#step internally if a string (or
string-alike) range is given.
* string.c (rb_str_upto_m, Init_String): Add an optional second
argument to specify if the last value should be included.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@16670 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Christopher Thompson <cthompson at nexopia.com> in [ruby-core:16746]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@16400 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
enumerator integration. #lines and #bytes are now aliases to
#each_line and #each_byte, respectively.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@16000 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
rb_str_start_with, rb_str_end_with): New methods:
String#partition, #rpartition, #start_with? and #end_with?;
backported from 1.9. These methods are $KCODE aware unlike
#index, #rindex and #include?.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@15998 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
with #to_str method, as well as rb_str_index_m. [ruby-core:11692]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@12805 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
before actually modifying the string.
fixed: [ruby-dev:30211] (originally reported by zunda)
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@11597 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
string, but not the shared string. fixed: [ruby-core:09152]
* string.c (rb_str_new4): keep shared string untainted when original
string is tainted. fixed: [ruby-dev:29672]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@11201 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
level is greater than zero. [ruby-core:08862]
* parse.y (rb_interned_p): new function to check if a string is
already interned.
* object.c (str_to_id): use rb_str_intern().
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@10930 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
may not be defined to shut up gcc's -Wundef warnings.
[ruby-core:08447]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@10648 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
safe levels higher than 3.
* re.c (rb_memcmp): type change from char* to const void*.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@10156 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
cookie name. [ruby-talk:156140]
* string.c (rb_str_substr): should propagate taintness even for
empty strings. [ruby-dev:27121]
* string.c (rb_str_aref): should infect result if range argument
is tainted. [ruby-dev:27121]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@9200 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* struct.c (rb_struct_set): use original method name, not callee
name, to retrieve member slot. [ruby-core:04268]
* time.c (time_strftime): protect from format modification from GC
finalizers.
* gc.c (rb_data_object_alloc): klass may be NULL.
[ruby-list:40498]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@7791 b2dd03c8-39d4-4d8f-98ff-823fe69b080e