merge revision(s) 17470:17472:

shyouhei · shyouhei · commit 705ee8575b6b · 2008-06-20T06:51:54.000Z
* array.c (rb_ary_store, rb_ary_splice): not depend on unspecified
	  behavior at integer overflow.
	* string.c (str_buf_cat): ditto.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_5@17473 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
diff --git a/array.c b/array.c
@@ -370,7 +370,7 @@ rb_ary_store(ary, idx, val)
 	if (new_capa < ARY_DEFAULT_SIZE) {
 	    new_capa = ARY_DEFAULT_SIZE;
 	}
-	else if (new_capa >= ARY_MAX_SIZE - idx) {
+	if (new_capa >= ARY_MAX_SIZE - idx) {
 	    new_capa = (ARY_MAX_SIZE - idx) / 2;
 	}
 	new_capa += idx;
@@ -971,10 +971,10 @@ rb_ary_splice(ary, beg, len, rpl)
     rb_ary_modify(ary);
 
     if (beg >= RARRAY(ary)->len) {
-	len = beg + rlen;
-	if (len < 0 || len > ARY_MAX_SIZE) {
+	if (beg > ARY_MAX_SIZE - rlen) {
 	    rb_raise(rb_eIndexError, "index %ld too big", beg);
 	}
+	len = beg + rlen;
 	if (len >= RARRAY(ary)->aux.capa) {
 	    REALLOC_N(RARRAY(ary)->ptr, VALUE, len);
 	    RARRAY(ary)->aux.capa = len;
diff --git a/string.c b/string.c
@@ -684,18 +684,14 @@ rb_str_resize(str, len)
     return str;
 }
 
-VALUE
-rb_str_buf_cat(str, ptr, len)
+static VALUE
+str_buf_cat(str, ptr, len)
     VALUE str;
     const char *ptr;
     long len;
 {
     long capa, total;
 
-    if (len == 0) return str;
-    if (len < 0) {
-	rb_raise(rb_eArgError, "negative string size (or size too big)");
-    }
     rb_str_modify(str);
     if (FL_TEST(str, STR_ASSOC)) {
 	FL_UNSET(str, STR_ASSOC);
@@ -704,9 +700,16 @@ rb_str_buf_cat(str, ptr, len)
     else {
 	capa = RSTRING(str)->aux.capa;
     }
+    if (RSTRING(str)->len >= LONG_MAX - len) {
+	rb_raise(rb_eArgError, "string sizes too big");
+    }
     total = RSTRING(str)->len+len;
     if (capa <= total) {
 	while (total > capa) {
+	    if (capa + 1 >= LONG_MAX / 2) {
+		capa = total;
+		break;
+	    }
 	    capa = (capa + 1) * 2;
 	}
 	RESIZE_CAPA(str, capa);
@@ -718,6 +721,19 @@ rb_str_buf_cat(str, ptr, len)
     return str;
 }
 
+VALUE
+rb_str_buf_cat(str, ptr, len)
+    VALUE str;
+    const char *ptr;
+    long len;
+{
+    if (len == 0) return str;
+    if (len < 0) {
+	rb_raise(rb_eArgError, "negative string size (or size too big)");
+    }
+    return str_buf_cat(str, ptr, len);
+}
+
 VALUE
 rb_str_buf_cat2(str, ptr)
     VALUE str;
@@ -759,33 +775,7 @@ VALUE
 rb_str_buf_append(str, str2)
     VALUE str, str2;
 {
-    long capa, len;
-
-    rb_str_modify(str);
-    if (FL_TEST(str, STR_ASSOC)) {
-	FL_UNSET(str, STR_ASSOC);
-	capa = RSTRING(str)->aux.capa = RSTRING(str)->len;
-    }
-    else {
-	capa = RSTRING(str)->aux.capa;
-    }
-    len = RSTRING(str)->len+RSTRING(str2)->len;
-    if (len < 0 || (capa+1) > LONG_MAX / 2) {
-	rb_raise(rb_eArgError, "string sizes too big");
-    }
-    if (capa <= len) {
-	while (len > capa) {
-	    capa = (capa + 1) * 2;
-	}
-	RESIZE_CAPA(str, capa);
-    }
-    memcpy(RSTRING(str)->ptr + RSTRING(str)->len,
-	   RSTRING(str2)->ptr, RSTRING(str2)->len);
-    RSTRING(str)->len += RSTRING(str2)->len;
-    RSTRING(str)->ptr[RSTRING(str)->len] = '\0'; /* sentinel */
-    OBJ_INFECT(str, str2);
-
-    return str;
+    return str_buf_cat(str, RSTRING(str2)->ptr, RSTRING(str2)->len);
 }
 
 VALUE
diff --git a/version.h b/version.h
@@ -2,7 +2,7 @@
 #define RUBY_RELEASE_DATE "2008-06-20"
 #define RUBY_VERSION_CODE 185
 #define RUBY_RELEASE_CODE 20080620
-#define RUBY_PATCHLEVEL 229
+#define RUBY_PATCHLEVEL 230
 
 #define RUBY_VERSION_MAJOR 1
 #define RUBY_VERSION_MINOR 8
