Backport #2953

nkf segfaults with --numchar-input

Added by Nobuyoshi Nakada almost 2 years ago. Updated 10 months ago.

[ruby-dev:40606]
Status: Closed
Start date: 03/13/2010
Priority: Normal
Due date:
Assignee: Kirk Haines
% Done: 100%
Category: -
Target version: -

Description

Quoted from http://pc12.2ch.net/test/read.cgi/tech/1267668057/375.

$ cat a.rb
require 'nkf'
sikaru = NKF.nkf('-w, --numchar-input', %w(20B9F).map{|s| "#{s};"}.join)
p sikaru
puts sikaru
$ ruby -Ku ./a.rb
a.rb:2: [BUG] Segmentation fault
ruby 1.8.7 (2010-01-10 patchlevel 249) [i686-linux]

The same happens in 1.8.6 through 1.8.8.


Index: ext/nkf/nkf-utf8/nkf.c
===================================================================
--- ext/nkf/nkf-utf8/nkf.c	(revision 26898)
+++ ext/nkf/nkf-utf8/nkf.c	(working copy)
@@ -5005,5 +5005,5 @@ nkf_char numchar_getc(FILE *f)
     nkf_char (*u)(nkf_char c ,FILE *f) = i_nungetc;
     int i = 0, j;
-    nkf_char buf[8];
+    nkf_char buf[10];
     long c = -1;
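
Review bot: the `nkf_char buf[10];` declaration in `numchar_getc` swaps one magic number for another, and nothing in this hunk shows why 10 elements are enough or that the index `i` declared just above is ever compared against the array size. Consider naming the bound (a constant derived from the longest numeric character reference the parser accepts) and making the code that fills `buf` stop at `sizeof(buf)/sizeof(buf[0])`, so that a longer input cannot write past the array regardless of its declared size. A one-line comment saying what the elements hold would also make the backports easier to verify.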

Related issues

related to ruby-trunk - Bug #2954: wrong result of nkf with --numchar-input Closed 03/13/2010

Associated revisions

Revision 26903
Added by nobu almost 2 years ago

* ext/nkf/nkf-utf8/nkf.c (numchar_getc): get rid of buffer overflow. [ruby-dev:40606]

Revision 28195
Added by shyouhei over 1 year ago

merge revision(s) 26903: * ext/nkf/nkf-utf8/nkf.c (numchar_getc): get rid of buffer overflow. [ruby-dev:40606]

Revision 28242
Added by wyhaines over 1 year ago

ext/nkf/nkf-utf8/nkf.c: Backport #2953 [ruby-dev:40606]; change nkf_char buffer in numchar_getc() size from 8 to 10 to avoid potential for a segfault. test/nkf/test_nkf.rb: Added a test for the change.

History

Updated by Nobuyoshi Nakada almost 2 years ago

  • Status changed from Open to Closed
  • % Done changed from 0 to 100
This issue was solved with changeset r26903.
Nobuyoshi, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.

Updated by Yui NARUSE almost 2 years ago

  • Status changed from Closed to Assigned
  • Assignee set to Shyouhei Urabe

Updated by Shyouhei Urabe over 1 year ago

  • Status changed from Assigned to Closed
This issue was solved with changeset r28195.
Nobuyoshi, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.

Updated by Shyouhei Urabe over 1 year ago

  • Status changed from Closed to Assigned
  • Assignee changed from Shyouhei Urabe to Kirk Haines
Seems 1.8.6 also suffers this.

Updated by Kirk Haines over 1 year ago

  • Status changed from Assigned to Closed
This issue was solved with changeset r28242.
Nobuyoshi, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.
