Backport #2953
nkf segfaults with --numchar-input
| Status: | Closed | Start date: | 03/13/2010 |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | | % Done: | 100% |
| Category: | - | | |
| Target version: | - | | |
Description
Quoted from http://pc12.2ch.net/test/read.cgi/tech/1267668057/375.
$ cat a.rb
require 'nkf'
sikaru = NKF.nkf('-w, --numchar-input', %w(20B9F).map{|s| "&#x#{s};"}.join)
p sikaru
puts sikaru
$ ruby -Ku ./a.rb
a.rb:2: [BUG] Segmentation fault
ruby 1.8.7 (2010-01-10 patchlevel 249) [i686-linux]
The same happens from 1.8.6 through 1.8.8.
Index: ext/nkf/nkf-utf8/nkf.c
===================================================================
--- ext/nkf/nkf-utf8/nkf.c (revision 26898)
+++ ext/nkf/nkf-utf8/nkf.c (working copy)
@@ -5005,5 +5005,5 @@ nkf_char numchar_getc(FILE *f)
nkf_char (*u)(nkf_char c ,FILE *f) = i_nungetc;
int i = 0, j;
- nkf_char buf[8];
+ nkf_char buf[10];
long c = -1;
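Review bot: the new size in `nkf_char buf[10];` is a bare literal, and nothing in this hunk bounds `i` against it, so the fix holds only while the longest sequence the function stores stays within 10 elements. Consider a named constant with a comment stating how 10 is derived, plus a check on `i` before each store into `buf`, so that a later change to the parsing code fails safely instead of overrunning the stack array.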
Related issues
Associated revisions
* ext/nkf/nkf-utf8/nkf.c (numchar_getc): get rid of buffer
overflow. [ruby-dev:40606]
merge revision(s) 26903:
* ext/nkf/nkf-utf8/nkf.c (numchar_getc): get rid of buffer
overflow. [ruby-dev:40606]
ext/nkf/nkf-utf8/nkf.c: Backport #2953 [ruby-dev:40606]; change nkf_char buffer in numchar_getc() size from 8 to 10 to avoid potential for a segfault.
test/nkf/test_nkf.rb: Added a test for the change.
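The size change described in these revisions can be paired with an explicit index check. The following is an added sketch, not code from nkf or from this issue: a hypothetical reader for hexadecimal character references that refuses to store past its buffer, run against the code point 20B9F from the report written as the constructed input `&#x20B9F;`. The function name, the return codes and the 10-character worst case (`&#x`, six hex digits, `;`) are assumptions of the sketch.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumed worst case for this sketch: "&#x" + 6 hex digits + ';' = 10 chars. */
#define NUMREF_MAX 10

static int hex_val(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/*
 * Hypothetical helper (not nkf's numchar_getc): copy a reference of the form
 * &#xH..H; from `in` into buf[cap], one character at a time.
 * Returns the code point and sets *used to the number of slots written.
 * Returns -1 for malformed input, -2 if the next store would exceed cap.
 */
long read_hex_numref(const char *in, char *buf, size_t cap, size_t *used)
{
    size_t i;
    long c = 0;
    int digits = 0;

    *used = 0;
    for (i = 0;; i++) {
        if (i >= cap) return -2;            /* refuse to write past the buffer */
        buf[i] = in[i];
        *used = i + 1;
        if (i == 0) { if (buf[i] != '&') return -1; continue; }
        if (i == 1) { if (buf[i] != '#') return -1; continue; }
        if (i == 2) { if (buf[i] != 'x' && buf[i] != 'X') return -1; continue; }
        if (buf[i] == ';') return digits ? c : -1;
        if (hex_val(buf[i]) < 0) return -1; /* also stops at the NUL terminator */
        c = (c << 4) | hex_val(buf[i]);
        digits++;
    }
}

int main(void)
{
    char small[8], fixed[NUMREF_MAX];
    size_t used;
    const char *ref = "&#x20B9F;";          /* constructed sample input */

    printf("cap 8:  %ld\n", read_hex_numref(ref, small, sizeof small, &used));
    printf("cap 10: 0x%lX\n", (unsigned long)read_hex_numref(ref, fixed, sizeof fixed, &used));
    return 0;
}
```

With eight slots the reader stops after the eighth character and reports -2 instead of writing a ninth; with ten it returns the code point.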
History
Updated by nobu (Nobuyoshi Nakada) about 2 years ago
- Status changed from Open to Closed
- % Done changed from 0 to 100
This issue was solved with changeset r26903. Nobuyoshi, thank you for reporting this issue. Your contribution to Ruby is greatly appreciated. May Ruby be with you.
Updated by naruse (Yui NARUSE) about 2 years ago
- Status changed from Closed to Assigned
- Assignee set to shyouhei (Shyouhei Urabe)
Updated by shyouhei (Shyouhei Urabe) almost 2 years ago
- Status changed from Assigned to Closed
This issue was solved with changeset r28195. Nobuyoshi, thank you for reporting this issue. Your contribution to Ruby is greatly appreciated. May Ruby be with you.
Updated by shyouhei (Shyouhei Urabe) almost 2 years ago
- Status changed from Closed to Assigned
- Assignee changed from shyouhei (Shyouhei Urabe) to wyhaines (Kirk Haines)
Seems 1.8.6 also suffers this.
Updated by wyhaines (Kirk Haines) almost 2 years ago
- Status changed from Assigned to Closed
This issue was solved with changeset r28242. Nobuyoshi, thank you for reporting this issue. Your contribution to Ruby is greatly appreciated. May Ruby be with you.