Overview

File CVE-2013-4164.patch of Package ruby19.openSUSE_12.2_Update

diff -Naur b/ChangeLog c/ChangeLog
--- b/ChangeLog	2013-02-22 10:37:09.000000000 +0100
+++ c/ChangeLog	2013-11-23 18:53:05.313162517 +0100
@@ -1,3 +1,8 @@
+Fri Nov 22 12:44:56 2013  Nobuyoshi Nakada  <nobu@ruby-lang.org>
+
+   * util.c (ruby_strtod): ignore too long fraction part, which does not
+     affect the result.
+
 Fri Feb 22 18:36:51 2013  Aaron Patterson <aaron@tenderlovemaking.com>
 
 	* lib/rexml/document.rb (REXML::Document.entity_expansion_text_limit):
diff -Naur b/test/ruby/test_float.rb c/test/ruby/test_float.rb
--- b/test/ruby/test_float.rb 2013-11-22 20:43:29.912074722 +0100
+++ c/test/ruby/test_float.rb 2013-11-22 20:51:25.533102115 +0100
@@ -519,4 +519,16 @@
       sleep(0.1+0.1+0.1+0.1+0.1+0.1+0.1+0.1+0.1+0.1)
     end
   end
+
+  def test_long_string
+    assert_normal_exit(<<-'end;')
+    assert_in_epsilon(10.0, ("1."+"1"*300000).to_f*9)
+    end;
+  end
+
+  def test_long_string
+    assert_normal_exit(<<-'end;')
+    assert_in_epsilon(10.0, ("1."+"1"*300000).to_f*9)
+    end;
+  end
 end
diff -Naur b/util.c c/util.c
--- b/util.c  2013-11-22 20:43:29.920074722 +0100
+++ c/util.c  2013-11-22 20:51:25.534102115 +0100
@@ -674,6 +674,11 @@
 #else
 #define MALLOC malloc
 #endif
+#ifdef FREE
+extern void FREE(void*);
+#else
+#define FREE free
+#endif
 
 #ifndef Omit_Private_Memory
 #ifndef PRIVATE_MEM
@@ -964,7 +969,7 @@
 #endif
 
     ACQUIRE_DTOA_LOCK(0);
-    if ((rv = freelist[k]) != 0) {
+    if (k <= Kmax && (rv = freelist[k]) != 0) {
         freelist[k] = rv->next;
     }
     else {
@@ -974,7 +979,7 @@
 #else
         len = (sizeof(Bigint) + (x-1)*sizeof(ULong) + sizeof(double) - 1)
                 /sizeof(double);
-        if (pmem_next - private_mem + len <= PRIVATE_mem) {
+        if (k <= Kmax && pmem_next - private_mem + len <= PRIVATE_mem) {
             rv = (Bigint*)pmem_next;
             pmem_next += len;
         }
@@ -993,6 +998,10 @@
 Bfree(Bigint *v)
 {
     if (v) {
+        if (v->k > Kmax) {
+            FREE(v);
+            return;
+        }
         ACQUIRE_DTOA_LOCK(0);
         v->next = freelist[v->k];
         freelist[v->k] = v;
@@ -2053,6 +2062,7 @@
         for (; c >= '0' && c <= '9'; c = *++s) {
 have_dig:
             nz++;
+            if (nf > DBL_DIG * 4) continue;
             if (c -= '0') {
                 nf += nz;
                 for (i = 1; i < nz; i++)
openSUSE Build Service is sponsored by
Places