This repository has been archived by the owner on Mar 7, 2023. It is now read-only.

Fix incorrect usage of rb_get_args #43

Open
rkevin-arch opened this issue Jul 25, 2021 · 1 comment
Collaborator

rkevin-arch commented Jul 25, 2021

The current implementation of rb_get_args to get Ruby strings is unsafe. When the format string uses z, it returns a char* using RSTRING_PTR, which isn't even guaranteed to be null-terminated. It's sort of a miracle that we haven't seen more crashes related to this (maybe plain ASCII strings are safe, but we sure as heck shouldn't rely on it).

This means only using s is safe, but its implementation actually has an error (it doesn't increment the pointer at all (binding-mri.cpp#169)) and is not used anywhere in the repo (only the objectLoad function uses it, and that function isn't used anywhere). We need to fix this and either port all usages of z to s, or make z somehow return a null-terminated string while not leaking memory (idk how to do that).

Thanks to @CryroFox for discovering this issue.

rkevin-arch self-assigned this Jul 25, 2021
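As an added illustration of the two argument paths discussed above (constructed for this page, not mkxp's own rb_get_args, whose real signature and internals are not reproduced here), a hypothetical C++ get_args over a stand-in string type: the 's' path hands back pointer plus length and advances the argument index, and the 'z' path hands back an owned std::string copy, which is NUL-terminated and freed by the caller's variable rather than leaked.

```cpp
#include <cstdarg>
#include <cstring>
#include <string>

// Constructed stand-in for a Ruby string VALUE: pointer plus explicit length,
// deliberately NOT NUL-terminated (RSTRING_PTR gives no such guarantee either).
struct FakeStr { const char *ptr; size_t len; };

// Hypothetical parser (not mkxp's rb_get_args). Format letters:
//   's' -> const char** ptr, int* len  : raw pointer + length, caller honours len
//   'z' -> std::string* out            : owned, NUL-terminated copy, nothing leaks
// Returns the number of arguments consumed, or -1 on a format/argc mismatch.
int get_args(int argc, const FakeStr *argv, const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    int consumed = 0;
    for (const char *f = fmt; *f; ++f) {
        if (consumed >= argc) { va_end(ap); return -1; }
        const FakeStr &arg = argv[consumed];
        if (*f == 's') {
            const char **out = va_arg(ap, const char **);
            int *len = va_arg(ap, int *);
            *out = arg.ptr;
            *len = static_cast<int>(arg.len);
        } else if (*f == 'z') {
            // assign(ptr, len) copies exactly len bytes; std::string::c_str()
            // then yields a NUL-terminated buffer owned by the caller's string.
            va_arg(ap, std::string *)->assign(arg.ptr, arg.len);
        } else {
            va_end(ap);
            return -1;
        }
        ++consumed;  // the advance the issue says the original 's' path omits
    }
    va_end(ap);
    return consumed;
}

// Demo: two adjacent, unterminated "strings" sharing one backing buffer, so a
// naive strlen() on the first would run into the second. Returns 0 on success.
int demo() {
    static const char backing[6] = {'f', 'o', 'o', 'b', 'a', 'r'};  // no '\0'
    const FakeStr args[2] = {{backing, 3}, {backing + 3, 3}};
    const char *p = nullptr; int n = 0; std::string z;
    if (get_args(2, args, "sz", &p, &n, &z) != 2) return -1;
    bool s_ok = (n == 3 && std::string(p, n) == "foo");       // used with its length
    bool z_ok = (z == "bar" && std::strlen(z.c_str()) == 3);  // safe for C APIs
    return (s_ok && z_ok) ? 0 : 1;
}
```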
@melody-rs
Member

May be fixed by #80
