Prevent splicing big recursive arrrays; ref #3679

We know this is not perfect, but this change makes hack like #3679 bit harder. Harmless for useful cases.
author: Yukihiro "Matz" Matsumoto <[email protected]> 2017-05-31 23:03:39 +0900
committer: Yukihiro "Matz" Matsumoto <[email protected]> 2017-05-31 23:03:39 +0900
commit: 2837de95fe41cc7dd378f9eeea5d0bd217c80323 (patch)
tree: 5904cf4bfbbef9b9968991e20054dd66d298529c /src/array.c
parent: b4a4e3c09abf2e9f790d465539b63e9aa82baa05 (diff)
download: mruby-2837de95fe41cc7dd378f9eeea5d0bd217c80323.tar.gz
mruby-2837de95fe41cc7dd378f9eeea5d0bd217c80323.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/src/array.c b/src/array.c
index 3ab74f95d..1f1127382 100644
--- a/src/array.c
+++ b/src/array.c
@@ -620,7 +620,12 @@ mrb_ary_splice(mrb_state *mrb, mrb_value ary, mrb_int head, mrb_int len, mrb_val
     argc = RARRAY_LEN(rpl);
     argv = RARRAY_PTR(rpl);
     if (argv == a->ptr) {
-      struct RArray *r = ary_dup(mrb, a);
+      struct RArray *r;
+
+      if (argc > 32767) {
+        mrb_raise(mrb, E_ARGUMENT_ERROR, "too big recursive splice");
+      }
+      r = ary_dup(mrb, a);
       argv = r->ptr;
     }
   }
author	Yukihiro "Matz" Matsumoto <[email protected]>	2017-05-31 23:03:39 +0900
committer	Yukihiro "Matz" Matsumoto <[email protected]>	2017-05-31 23:03:39 +0900
commit	2837de95fe41cc7dd378f9eeea5d0bd217c80323 (patch)
tree	5904cf4bfbbef9b9968991e20054dd66d298529c /src/array.c
parent	b4a4e3c09abf2e9f790d465539b63e9aa82baa05 (diff)
download	mruby-2837de95fe41cc7dd378f9eeea5d0bd217c80323.tar.gz mruby-2837de95fe41cc7dd378f9eeea5d0bd217c80323.zip