diff options
| author | Bouke van der Bijl <[email protected]> | 2016-11-16 17:14:16 -0500 |
|---|---|---|
| committer | Bouke van der Bijl <[email protected]> | 2016-11-25 11:15:57 -0500 |
| commit | b7f9a58757bdf30e9d64191ac47d81144e3f6098 (patch) | |
| tree | 1b78e768a09290378957fe04a682ff66cb9dcb3f | |
| parent | 743c1e7be190eca83a08b95b0f6045cbdc9ba625 (diff) | |
| download | mruby-b7f9a58757bdf30e9d64191ac47d81144e3f6098.tar.gz mruby-b7f9a58757bdf30e9d64191ac47d81144e3f6098.zip | |
Fix null pointer dereference in mrb_time_initialize
Reported by https://hackerone.com/raydot
| -rw-r--r-- | mrbgems/mruby-time/src/time.c | 4 | ||||
| -rw-r--r-- | mrbgems/mruby-time/test/time.rb | 11 |
2 files changed, 13 insertions, 2 deletions
diff --git a/mrbgems/mruby-time/src/time.c b/mrbgems/mruby-time/src/time.c index 5c23bd44a..dfd4450da 100644 --- a/mrbgems/mruby-time/src/time.c +++ b/mrbgems/mruby-time/src/time.c @@ -587,14 +587,14 @@ mrb_time_initialize(mrb_state *mrb, mrb_value self) int n; struct mrb_time *tm; + n = mrb_get_args(mrb, "|iiiiiii", + &ayear, &amonth, &aday, &ahour, &amin, &asec, &ausec); tm = (struct mrb_time*)DATA_PTR(self); if (tm) { mrb_free(mrb, tm); } mrb_data_init(self, NULL, &mrb_time_type); - n = mrb_get_args(mrb, "|iiiiiii", - &ayear, &amonth, &aday, &ahour, &amin, &asec, &ausec); if (n == 0) { tm = current_mrb_time(mrb); } diff --git a/mrbgems/mruby-time/test/time.rb b/mrbgems/mruby-time/test/time.rb index 759e2881d..91a646759 100644 --- a/mrbgems/mruby-time/test/time.rb +++ b/mrbgems/mruby-time/test/time.rb @@ -211,3 +211,14 @@ assert('2000 times 500us make a second') do end t.usec == 0 end + +assert("Time#initialize doens't leave uninitialized object accessible") do + assert_raise ArgumentError do + $x = Time.new + a = Object.new + def a.to_i + $x.mday + end + $x.initialize a + end +end |