diff --git ChangeLog ChangeLog
index d269bc5..43bebc9 100644
--- ChangeLog
+++ ChangeLog
@@ -1,3 +1,7 @@
+Tue Apr 15 23:40:39 2008 Akinori MUSHA
+
+ * ext/syck/rubyext.c (rb_syck_mktime): Avoid buffer overflow.
+
 Tue Apr 15 20:32:03 2008 Tanaka Akira
 
 * re.c (match_inspect): backported from 1.9.
diff --git ext/syck/rubyext.c ext/syck/rubyext.c
index 078de4f..8c4027f 100644
--- ext/syck/rubyext.c
+++ ext/syck/rubyext.c
@@ -268,9 +268,13 @@ rb_syck_mktime(str, len)
 {
 char padded[] = "000000";
 char *end = ptr + 1;
+ char *p = end;
 while ( isdigit( *end ) ) end++;
- MEMCPY(padded, ptr + 1, char, end - (ptr + 1));
- usec = strtol(padded, NULL, 10);
+ if (end - p < sizeof(padded)) {
+ MEMCPY(padded, ptr + 1, char, end - (ptr + 1));
+ p = padded;
+ }
+ usec = strtol(p, NULL, 10);
 }
 else
 {
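Review bot: When the fraction has more than six digits, the new `if (end - p < sizeof(padded))` guard skips the copy and `strtol(p, NULL, 10)` parses every digit of the raw input, so `usec` can reach 1000000 or more (or saturate at LONG_MAX) instead of being truncated to microseconds. The write past `padded` is closed, but that out-of-range value still goes to whatever consumes `usec` later in rb_syck_mktime, which lies outside this hunk. Clamping the digit run keeps the copy bounded and the value in range: after the `while` loop add `if (end - p > (long)sizeof(padded) - 1) end = p + sizeof(padded) - 1;`, then copy unconditionally with `MEMCPY(padded, p, char, end - p);` and keep `usec = strtol(padded, NULL, 10);`. `end` is local to this block, so moving it does not affect later code. The current guard also compares a signed pointer difference with an unsigned `sizeof`, which is safe only because `end` never moves below `p`; a short comment saying so would help the next reader.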