Skip to content

Commit

Permalink
Avoid crash if hv.n is greater than kh_size(h); fix #3565
Browse files Browse the repository at this point in the history
The resulting behavior is different from CRuby, but modifying
hash key afterwards is undefined behavior in ISO spec.
  • Loading branch information
matz committed Mar 31, 2017
1 parent 952207d commit 39ca4ef
Showing 1 changed file with 9 additions and 3 deletions.
12 changes: 9 additions & 3 deletions src/hash.c
Original file line number Diff line number Diff line change
Expand Up @@ -750,20 +750,26 @@ MRB_API mrb_value
mrb_hash_keys(mrb_state *mrb, mrb_value hash)
{
khash_t(ht) *h = RHASH_TBL(hash);
khiter_t k;
khiter_t k, end;
mrb_value ary;
mrb_value *p;

if (!h || kh_size(h) == 0) return mrb_ary_new(mrb);
ary = mrb_ary_new_capa(mrb, kh_size(h));
mrb_ary_set(mrb, ary, kh_size(h)-1, mrb_nil_value());
end = kh_size(h)-1;
mrb_ary_set(mrb, ary, end, mrb_nil_value());
p = mrb_ary_ptr(ary)->ptr;
for (k = kh_begin(h); k != kh_end(h); k++) {
if (kh_exist(h, k)) {
mrb_value kv = kh_key(h, k);
mrb_hash_value hv = kh_value(h, k);

p[hv.n] = kv;
if (hv.n <= end) {
p[hv.n] = kv;
}
else {
p[end] = kv;
}
}
}
return ary;
Expand Down

0 comments on commit 39ca4ef

Please sign in to comment.