Skip to content
Browse files

array.c: comment why rb_ary_modify is needed twice

* array.c (rb_ary_initialize): NUM2LONG() may call size.to_int,
  ary can be frozen, modified, etc, so recheck after argument
  conversion is necessary.  [Closes GH-526]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@44855 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
  • Loading branch information...
1 parent 38a9831 commit 78b1ca9f0f9f3f2ecc65342158af5e71b6fb8139 @nobu nobu committed Feb 6, 2014
Showing with 2 additions and 0 deletions.
  1. +2 −0 array.c
View
2 array.c
@@ -735,12 +735,14 @@ rb_ary_initialize(int argc, VALUE *argv, VALUE ary)
}
len = NUM2LONG(size);
+ /* NUM2LONG() may call size.to_int, ary can be frozen, modified, etc */
if (len < 0) {
rb_raise(rb_eArgError, "negative array size");
}
if (len > ARY_MAX_SIZE) {
rb_raise(rb_eArgError, "array size too big");
}
+ /* recheck after argument conversion */
rb_ary_modify(ary);
ary_resize_capa(ary, len);
if (rb_block_given_p()) {

0 comments on commit 78b1ca9

Please sign in to comment.
Something went wrong with that request. Please try again.