Permalink
Browse files

Prevent splicing big recursive arrrays; ref #3679

We know this is not perfect, but this change makes hack like #3679
bit harder. Harmless for useful cases.
  • Loading branch information...
matz committed May 31, 2017
1 parent b4a4e3c commit 2837de95fe41cc7dd378f9eeea5d0bd217c80323
Showing with 6 additions and 1 deletion.
  1. +6 −1 src/array.c
View
@@ -620,7 +620,12 @@ mrb_ary_splice(mrb_state *mrb, mrb_value ary, mrb_int head, mrb_int len, mrb_val
argc = RARRAY_LEN(rpl);
argv = RARRAY_PTR(rpl);
if (argv == a->ptr) {
struct RArray *r = ary_dup(mrb, a);
struct RArray *r;
if (argc > 32767) {
mrb_raise(mrb, E_ARGUMENT_ERROR, "too big recursive splice");
}
r = ary_dup(mrb, a);
argv = r->ptr;
}
}

0 comments on commit 2837de9

Please sign in to comment.