Project

General

Profile

Download (8.34 KB)

Bug #3783 ยป rb_check_frozen.patch

runpaint (Run Paint Run Run), 09/02/2010 09:20 PM

View differences:

array.c
static inline void
rb_ary_modify_check(VALUE ary)
{
if (OBJ_FROZEN(ary)) rb_error_frozen("array");
rb_check_frozen(ary);
if (!OBJ_UNTRUSTED(ary) && rb_safe_level() >= 4)
rb_raise(rb_eSecurityError, "Insecure: can't modify array");
}
gc.c
undefine_final(VALUE os, VALUE obj)
{
rb_objspace_t *objspace = &rb_objspace;
if (OBJ_FROZEN(obj)) rb_error_frozen("object");
rb_check_frozen(obj);
if (finalizer_table) {
st_delete(finalizer_table, (st_data_t*)&obj, 0);
}
......
VALUE obj, block, table;
rb_scan_args(argc, argv, "11", &obj, &block);
if (OBJ_FROZEN(obj)) rb_error_frozen("object");
rb_check_frozen(obj);
if (argc == 1) {
block = rb_block_proc();
}
hash.c
static void
rb_hash_modify_check(VALUE hash)
{
if (OBJ_FROZEN(hash)) rb_error_frozen("hash");
rb_check_frozen(hash);
if (!OBJ_UNTRUSTED(hash) && rb_safe_level() >= 4)
rb_raise(rb_eSecurityError, "Insecure: can't modify hash");
}
object.c
{
rb_secure(4);
if (!OBJ_TAINTED(obj)) {
if (OBJ_FROZEN(obj)) {
rb_error_frozen("object");
}
rb_check_frozen(obj);
OBJ_TAINT(obj);
}
return obj;
......
{
rb_secure(3);
if (OBJ_TAINTED(obj)) {
if (OBJ_FROZEN(obj)) {
rb_error_frozen("object");
}
rb_check_frozen(obj);
FL_UNSET(obj, FL_TAINT);
}
return obj;
......
{
rb_secure(4);
if (!OBJ_UNTRUSTED(obj)) {
if (OBJ_FROZEN(obj)) {
rb_error_frozen("object");
}
rb_check_frozen(obj);
OBJ_UNTRUST(obj);
}
return obj;
......
{
rb_secure(3);
if (OBJ_UNTRUSTED(obj)) {
if (OBJ_FROZEN(obj)) {
rb_error_frozen("object");
}
rb_check_frozen(obj);
FL_UNSET(obj, FL_UNTRUSTED);
}
return obj;
string.c
}
}
static inline void
str_frozen_check(VALUE s)
{
if (OBJ_FROZEN(s)) {
rb_raise(rb_eRuntimeError, "string frozen");
}
}
size_t
rb_str_capacity(VALUE str)
{
......
if (FL_TEST(str, STR_TMPLOCK)) {
rb_raise(rb_eRuntimeError, "can't modify string; temporarily locked");
}
if (OBJ_FROZEN(str)) rb_error_frozen("string");
rb_check_frozen(str);
if (!OBJ_UNTRUSTED(str) && rb_safe_level() >= 4)
rb_raise(rb_eSecurityError, "Insecure: can't modify string");
}
......
rb_str_associate(VALUE str, VALUE add)
{
/* sanity check */
if (OBJ_FROZEN(str)) rb_error_frozen("string");
rb_check_frozen(str);
if (STR_ASSOC_P(str)) {
/* already associated */
rb_ary_concat(RSTRING(str)->as.heap.aux.shared, add);
......
repl = rb_obj_as_string(repl);
}
str_mod_check(str, p, len);
str_frozen_check(str);
rb_check_frozen(str);
}
else {
repl = rb_reg_regsub(repl, str, regs, pat);
struct.c
static void
rb_struct_modify(VALUE s)
{
if (OBJ_FROZEN(s)) rb_error_frozen("Struct");
rb_check_frozen(s);
if (!OBJ_UNTRUSTED(s) && rb_safe_level() >= 4)
rb_raise(rb_eSecurityError, "Insecure: can't modify Struct");
}
transcode.c
VALUE newstr;
int encidx;
if (OBJ_FROZEN(str)) { /* in future, may use str_frozen_check from string.c, but that's currently static */
rb_raise(rb_eRuntimeError, "string frozen");
}
rb_check_frozen(str);
newstr = str;
encidx = str_transcode(argc, argv, &newstr);
variable.c
if (!OBJ_UNTRUSTED(obj) && rb_safe_level() >= 4)
rb_raise(rb_eSecurityError, "Insecure: can't modify instance variable");
if (OBJ_FROZEN(obj)) rb_error_frozen("object");
rb_check_frozen(obj);
switch (TYPE(obj)) {
case T_OBJECT:
iv_index_tbl = ROBJECT_IV_INDEX_TBL(obj);
......
if (!OBJ_UNTRUSTED(obj) && rb_safe_level() >= 4)
rb_raise(rb_eSecurityError, "Insecure: can't modify instance variable");
if (OBJ_FROZEN(obj)) rb_error_frozen("object");
rb_check_frozen(obj);
if (!rb_is_instance_id(id)) {
rb_name_error(id, "`%s' is not allowed as an instance variable name", rb_id2name(id));
}
......
if (!OBJ_UNTRUSTED(mod) && rb_safe_level() >= 4)
rb_raise(rb_eSecurityError, "Insecure: can't remove constant");
if (OBJ_FROZEN(mod)) rb_error_frozen("class/module");
rb_check_frozen(mod);
if (!RCLASS_IV_TBL(mod) || !st_delete(RCLASS_IV_TBL(mod), &n, &v)) {
if (rb_const_defined_at(mod, id)) {
rb_name_error(id, "cannot remove %s::%s",
......
if (!OBJ_UNTRUSTED(klass) && rb_safe_level() >= 4)
rb_raise(rb_eSecurityError, "Insecure: can't set %s", dest);
if (OBJ_FROZEN(klass)) {
if (BUILTIN_TYPE(klass) == T_MODULE) {
rb_error_frozen("module");
}
else {
rb_error_frozen("class");
}
}
rb_check_frozen(klass);
if (!RCLASS_IV_TBL(klass)) {
RCLASS_IV_TBL(klass) = st_init_numtable();
}
......
}
if (!OBJ_UNTRUSTED(mod) && rb_safe_level() >= 4)
rb_raise(rb_eSecurityError, "Insecure: can't remove class variable");
if (OBJ_FROZEN(mod)) rb_error_frozen("class/module");
rb_check_frozen(mod);
if (RCLASS_IV_TBL(mod) && st_delete(RCLASS_IV_TBL(mod), &n, &val)) {
return (VALUE)val;
}
vm.c
rb_id2name(id), rb_obj_classname(obj));
}
if (OBJ_FROZEN(obj)) {
rb_error_frozen("object");
}
rb_check_frozen(obj);
klass = rb_singleton_class(obj);
noex = NOEX_PUBLIC;
}
vm_insnhelper.c
if (!OBJ_UNTRUSTED(obj) && rb_safe_level() >= 4) {
rb_raise(rb_eSecurityError, "Insecure: can't modify instance variable");
}
if (OBJ_FROZEN(obj)) {
rb_error_frozen("object");
}
rb_check_frozen(obj);
if (TYPE(obj) == T_OBJECT) {
VALUE klass = RBASIC(obj)->klass;
vm_method.c
rb_class2name(rb_ivar_get(klass, attached)));
mid = ID_ALLOCATOR;
}
if (OBJ_FROZEN(klass)) {
rb_error_frozen("class/module");
}
rb_check_frozen(klass);
mtbl = RCLASS_M_TBL(klass);
/* check re-definition */
......
if (rb_safe_level() >= 4 && !OBJ_UNTRUSTED(klass)) {
rb_raise(rb_eSecurityError, "Insecure: can't remove method");
}
if (OBJ_FROZEN(klass))
rb_error_frozen("class/module");
rb_check_frozen(klass);
if (mid == object_id || mid == id__send__ || mid == idInitialize) {
rb_warn("removing `%s' may cause serious problems", rb_id2name(mid));
}
    (1-1/1)