diff options
| author | nagachika <[email protected]> | 2025-06-15 12:51:29 +0900 |
|---|---|---|
| committer | nagachika <[email protected]> | 2025-06-15 12:51:29 +0900 |
| commit | 8908cb07829628115f7455508c2d5885ac99c939 (patch) | |
| tree | 0db7bdcf17c9763966adb9309230bb103b8cc94c /string.c | |
| parent | a205407e165e4570b8b6d6e4b7a019b51962ecba (diff) | |
merge revision(s) fa85d23ff4a02985ebfe0716b0ff768f5b4fe13d: [Backport #21380]ruby_3_3
[Bug #21380] Prohibit modification in String#split block
Reported at https://hackerone.com/reports/3163876
Diffstat (limited to 'string.c')
| -rw-r--r-- | string.c | 11 |
1 files changed, 7 insertions, 4 deletions
@@ -8813,11 +8813,15 @@ rb_str_split_m(int argc, VALUE *argv, VALUE str) } } -#define SPLIT_STR(beg, len) (empty_count = split_string(result, str, beg, len, empty_count)) +#define SPLIT_STR(beg, len) ( \ + empty_count = split_string(result, str, beg, len, empty_count), \ + str_mod_check(str, str_start, str_len)) beg = 0; char *ptr = RSTRING_PTR(str); - char *eptr = RSTRING_END(str); + char *const str_start = ptr; + const long str_len = RSTRING_LEN(str); + char *const eptr = str_start + str_len; if (split_type == SPLIT_TYPE_AWK) { char *bptr = ptr; int skip = 1; @@ -8878,7 +8882,6 @@ rb_str_split_m(int argc, VALUE *argv, VALUE str) } } else if (split_type == SPLIT_TYPE_STRING) { - char *str_start = ptr; char *substr_start = ptr; char *sptr = RSTRING_PTR(spat); long slen = RSTRING_LEN(spat); @@ -8895,6 +8898,7 @@ rb_str_split_m(int argc, VALUE *argv, VALUE str) continue; } SPLIT_STR(substr_start - str_start, (ptr+end) - substr_start); + str_mod_check(spat, sptr, slen); ptr += end + slen; substr_start = ptr; if (!NIL_P(limit) && lim <= ++i) break; @@ -8902,7 +8906,6 @@ rb_str_split_m(int argc, VALUE *argv, VALUE str) beg = ptr - str_start; } else if (split_type == SPLIT_TYPE_CHARS) { - char *str_start = ptr; int n; if (result) result = rb_ary_new_capa(RSTRING_LEN(str)); |