From: Peter Weldon
Date: 2010-08-16T13:38:24+09:00
Subject: [ruby-core:31725] [Bug #3700] Buffer overrun in util.c: ruby_hdtoa / nrv_alloc

Bug #3700: Buffer overrun in util.c: ruby_hdtoa / nrv_alloc
http://redmine.ruby-lang.org/issues/show/3700

Author: Peter Weldon
Status: Open, Priority: Normal
Target version: 1.9.x
ruby -v: ruby 1.9.3dev (2010-08-15) [i386-mswin32_100]

util.c (ruby_hdtoa) causes buffer overrun in nrv_alloc when returning copies of constant strings ("0", "NaN", "Infinity").

Detected while running ruby 1.9.3dev (2010-08-15) [i386-mswin32_100], linked with debug crt libs, heap corruption is detected while running test/ruby/test_sprintf.rb.

Patch attached:
- consistent handling of const return strings in ruby_hdtoa, ruby_dtoa, using rv_strdup
- avoid strlen in rv_strdup
- remove hand-rolled memcpy in nrv_alloc

----------------------------------------
http://redmine.ruby-lang.org
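
An added illustration of the bug class the report describes, not the attached patch and not code from Ruby's util.c: a copy loop that runs until NUL writes one byte more than the string length, so a destination sized to the length alone is overrun, while a length-explicit duplicate avoids both the loop and strlen. The names `loop_copy_bytes`, `loop_copy_overruns`, `dup_n`, `DUP_LITERAL` and `dup_end_offset` are hypothetical, and the assumption that the destination was sized without room for the terminator is not stated in the report.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bytes written by a copy loop that runs until it has stored the NUL. */
size_t loop_copy_bytes(const char *s) { return strlen(s) + 1; }

/* 1 if that loop would write past a destination of cap bytes. */
int loop_copy_overruns(const char *s, size_t cap) { return loop_copy_bytes(s) > cap; }

/* Hypothetical length-explicit duplicate: the caller passes the length,
 * the helper allocates len + 1 and copies exactly len bytes. */
char *dup_n(const char *s, size_t len, char **end)
{
    char *rv = malloc(len + 1);
    if (rv == NULL) return NULL;
    memcpy(rv, s, len);
    rv[len] = '\0';
    if (end) *end = rv + len;   /* points at the terminator */
    return rv;
}

/* String literals only: sizeof yields the length at compile time (no strlen). */
#define DUP_LITERAL(lit, end) dup_n((lit), sizeof(lit) - 1, (end))

/* Duplicates s, returns the end-pointer offset, or -1 if the copy is wrong. */
long dup_end_offset(const char *s, size_t len)
{
    char *end = NULL, *p = dup_n(s, len, &end);
    long off = (p && strlen(p) == len && memcmp(p, s, len) == 0) ? (long)(end - p) : -1;
    free(p);
    return off;
}

int main(void)
{
    const char *consts[] = { "0", "NaN", "Infinity" };  /* strings named in the report */
    for (size_t i = 0; i < 3; i++) {
        size_t len = strlen(consts[i]);
        printf("%-8s cap=len: overrun=%d  cap=len+1: overrun=%d  dup_end=%ld\n",
               consts[i], loop_copy_overruns(consts[i], len),
               loop_copy_overruns(consts[i], len + 1), dup_end_offset(consts[i], len));
    }
    char *inf = DUP_LITERAL("Infinity", NULL);
    puts(inf ? inf : "(alloc failed)");
    free(inf);
    return 0;
}
```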