mruby-string-utf8: String#reverse! may leak memory when mrb_str_modify() raises exception

author Yukihiro "Matz" Matsumoto <[email protected]>

Thu, 17 Apr 2014 15:56:50 +0000 (18 00:56 +0900)

committer Yukihiro "Matz" Matsumoto <[email protected]>

Thu, 17 Apr 2014 15:56:50 +0000 (18 00:56 +0900)
author Yukihiro "Matz" Matsumoto <[email protected]>
Thu, 17 Apr 2014 15:56:50 +0000 (18 00:56 +0900)
committer Yukihiro "Matz" Matsumoto <[email protected]>
Thu, 17 Apr 2014 15:56:50 +0000 (18 00:56 +0900)
diff --git a/mrbgems/mruby-string-utf8/src/string.c b/mrbgems/mruby-string-utf8/src/string.c

index fec0752..240a772 100644 (file)
--- a/mrbgems/mruby-string-utf8/src/string.c
+++ b/mrbgems/mruby-string-utf8/src/string.c
@@ -341,14 +341,17 @@ mrb_str_reverse_bang(mrb_state *mrb, mrb_value str)
  {
    mrb_int utf8_len = mrb_utf8_strlen(str, -1);
    if (utf8_len > 1) {
-    mrb_int len = RSTRING_LEN(str);
-    char *buf = (char *)mrb_malloc(mrb, (size_t)len);
-    unsigned char* p = (unsigned char*)buf;
-    unsigned char* e = (unsigned char*)buf + len;
-    unsigned char* r;
+    mrb_int len;
+    char *buf;
+    unsigned char *p, *e, *r;
  
-    memcpy(buf, RSTRING_PTR(str), len);
      mrb_str_modify(mrb, mrb_str_ptr(str));
+    len = RSTRING_LEN(str);
+    buf = (char *)mrb_malloc(mrb, (size_t)len);
+    p = (unsigned char*)buf;
+    e = (unsigned char*)buf + len;
+
+    memcpy(buf, RSTRING_PTR(str), len);
      r = (unsigned char*)RSTRING_PTR(str) + len;
  
      while (p<e) {
author	Yukihiro "Matz" Matsumoto <[email protected]>
	Thu, 17 Apr 2014 15:56:50 +0000 (18 00:56 +0900)
committer	Yukihiro "Matz" Matsumoto <[email protected]>
	Thu, 17 Apr 2014 15:56:50 +0000 (18 00:56 +0900)