diff options
| author | Yukihiro "Matz" Matsumoto <[email protected]> | 2018-09-19 20:53:32 +0900 |
|---|---|---|
| committer | Yukihiro "Matz" Matsumoto <[email protected]> | 2018-11-19 11:28:51 +0900 |
| commit | afca99a40b8a3415b3a9a0e8fc41c93ddcbb11d8 (patch) | |
| tree | 6ecbeb3c8a562ce64713ccd4d2d6b1d12e6b5fa2 /mrbgems/mruby-pack | |
| parent | 426c1f9e0b77a27d5384ccdee7f7a49eef0e2ed0 (diff) | |
| download | mruby-afca99a40b8a3415b3a9a0e8fc41c93ddcbb11d8.tar.gz mruby-afca99a40b8a3415b3a9a0e8fc41c93ddcbb11d8.zip | |
Remove implicit conversion using `to_int` method.
The ISO standard does not include implicit type conversion using
`to_int`. This implicit conversion often causes vulnerability.
There will be no more attacks like #4120.
In addition, we have added internal convenience method `__to_int` which
does type check and conversion (from floats).
Diffstat (limited to 'mrbgems/mruby-pack')
| -rw-r--r-- | mrbgems/mruby-pack/src/pack.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/mrbgems/mruby-pack/src/pack.c b/mrbgems/mruby-pack/src/pack.c index 796ba4d34..5caf7b62b 100644 --- a/mrbgems/mruby-pack/src/pack.c +++ b/mrbgems/mruby-pack/src/pack.c @@ -1124,14 +1124,16 @@ mrb_pack_pack(mrb_state *mrb, mrb_value ary) o = mrb_ary_ref(mrb, ary, aidx); if (type == PACK_TYPE_INTEGER) { o = mrb_to_int(mrb, o); + } #ifndef MRB_WITHOUT_FLOAT - } else if (type == PACK_TYPE_FLOAT) { + else if (type == PACK_TYPE_FLOAT) { if (!mrb_float_p(o)) { mrb_float f = mrb_to_flo(mrb, o); o = mrb_float_value(mrb, f); } + } #endif - } else if (type == PACK_TYPE_STRING) { + else if (type == PACK_TYPE_STRING) { if (!mrb_string_p(o)) { mrb_raisef(mrb, E_TYPE_ERROR, "can't convert %S into String", mrb_class_path(mrb, mrb_obj_class(mrb, o))); } |