Merge pull request rubinius#1189 from yipdw/issue-1185

[PATCH] Zlib::GzipWriter#write segfaults when given large (2^23 byte) strings

spec/ruby/library/zlib/gzipwriter/write_spec.rb

@@ -20,5 +20,13 @@
     @io.string[10..-1].should == @zip[10..-1]
   end
 
-end
+  it "handles inputs of 2^23 bytes" do
+    input = '.' * (2 ** 23)
+
+    Zlib::GzipWriter.wrap @io do |gzio|
+      gzio.write input
+    end
 
+    @io.string.size.should == 8176
+  end
+end

vm/builtin/nativefunction.cpp

@@ -656,8 +656,12 @@ namespace rubinius {
     RootBuffer vrf(state->root_buffers(), args.arguments(), args.total());
 
     void** values = ALLOCA_N(void*, ffi_data->arg_count);
+    void** heap_allocations = ALLOCA_N(void*, ffi_data->arg_count);
+    size_t i;
+
+    for(i = 0; i < ffi_data->arg_count; i++) {
+      heap_allocations[i] = NULL;
 
-    for(size_t i = 0; i < ffi_data->arg_count; i++) {
       switch(ffi_data->arg_types[i]) {
       case RBX_FFI_TYPE_CHAR: {
         char* tmp = ALLOCA(char);
@@ -861,9 +865,16 @@ namespace rubinius {
           so = as<String>(obj);
           size = so->size();
 
-          char* data = ALLOCA_N(char, size + 1);
+          char* data = (char *)malloc(sizeof(char) * (size + 1));
+
+          if (!data) {
+            rubinius::bug("could not allocate memory for string");
+          }
+
           memcpy(data, so->c_str(state), size);
           data[size] = 0;
+
+          heap_allocations[i] = data;
           *tmp = data;
         }
         values[i] = tmp;
@@ -1034,6 +1045,12 @@ namespace rubinius {
 
     env->set_current_call_frame(saved_frame);
 
+    for(i = 0; i < ffi_data->arg_count; i++) {
+      if (heap_allocations[i]) {
+        free(heap_allocations[i]);
+      }
+    }
+
     return ret;
   }