Commit

Fix integer overflow
Make use of the check in rb_alloc_tmp_buffer2.

https://hackerone.com/reports/1328463
nobu authored and mame committed Nov 24, 2021
1 parent 8f0b257 commit c6a37a6
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion ext/cgi/escape/escape.c
Expand Up @@ -36,7 +36,8 @@ static VALUE
optimized_escape_html(VALUE str)
{
VALUE vbuf;
char *buf = ALLOCV_N(char, vbuf, RSTRING_LEN(str) * HTML_ESCAPE_MAX_LEN);
typedef char escape_buf[HTML_ESCAPE_MAX_LEN];
char *buf = *ALLOCV_N(escape_buf, vbuf, RSTRING_LEN(str));
const char *cstr = RSTRING_PTR(str);
const char *end = cstr + RSTRING_LEN(str);
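Review bot: The new `typedef char escape_buf[HTML_ESCAPE_MAX_LEN];` and the dereferenced `*ALLOCV_N(escape_buf, vbuf, RSTRING_LEN(str))` carry the whole overflow fix, but nothing in the code says so. Only the commit message explains that the point is to let rb_alloc_tmp_buffer2 check the element-size times count multiplication, instead of computing `RSTRING_LEN(str) * HTML_ESCAPE_MAX_LEN` unchecked at the call site. Please add a one-line comment above the typedef stating that the array type exists so the allocator performs the checked multiplication. Without it, a later cleanup could easily simplify this back to `ALLOCV_N(char, vbuf, len * HTML_ESCAPE_MAX_LEN)` and reintroduce the bug. The commit also touches only ext/cgi/escape/escape.c, so if a regression test for an oversized input is practical, it would be worth adding alongside.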
