-
NARUSE, Yui authored
st.c (rb_hash_bulk_insert_into_st_table): avoid out-of-bounds write "hash_bulk_insert" first expands the table, but the target size was wrong: it was calculated by "num_entries + (size to buld insert)", but it was wrong when "num_entries < entries_bound", i.e., it has a deleted entry. "hash_bulk_insert" adds the given entries from entries_bound, which led to out-of-bounds write access. [Bug #15536] As a simple fix, this commit changes the calculation to "entries_bound + size". I'm afraid if this might be inefficient, but I think it is safe anyway. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@66853 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
NARUSE, Yui authoredst.c (rb_hash_bulk_insert_into_st_table): avoid out-of-bounds write "hash_bulk_insert" first expands the table, but the target size was wrong: it was calculated by "num_entries + (size to buld insert)", but it was wrong when "num_entries < entries_bound", i.e., it has a deleted entry. "hash_bulk_insert" adds the given entries from entries_bound, which led to out-of-bounds write access. [Bug #15536] As a simple fix, this commit changes the calculation to "entries_bound + size". I'm afraid if this might be inefficient, but I think it is safe anyway. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@66853 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Loading