Permalink
Browse files

Check if the value is fixnum before mrb_funcall(); fix #3476

The issue is reported by https://hackerone.com/aerodudrizzt
  • Loading branch information...
matz committed Feb 28, 2017
1 parent a76dc04 commit bdac7dfae818908f7459fc086727b717aa586c7d
Showing with 2 additions and 2 deletions.
  1. +2 −2 src/string.c
View
@@ -959,8 +959,8 @@ mrb_str_cmp_m(mrb_state *mrb, mrb_value str1)
else {
mrb_value tmp = mrb_funcall(mrb, str2, "<=>", 1, str1);
if (mrb_nil_p(tmp)) return mrb_nil_value();
if (!mrb_fixnum(tmp)) {
if (!mrb_nil_p(tmp)) return mrb_nil_value();
if (!mrb_fixnum_p(tmp)) {
return mrb_funcall(mrb, mrb_fixnum_value(0), "-", 1, tmp);
}
result = -mrb_fixnum(tmp);

0 comments on commit bdac7df

Please sign in to comment.