ext/oj/load.c in oj-2.0.3 vs ext/oj/load.c in oj-2.0.4
- old
+ new
@@ -137,14 +137,16 @@
inline static VALUE
resolve_classname(VALUE mod, const char *class_name, int auto_define) {
VALUE clas;
ID ci = rb_intern(class_name);
- if (rb_const_defined_at(mod, ci) || !auto_define) {
+ if (rb_const_defined_at(mod, ci)) {
clas = rb_const_get_at(mod, ci);
- } else {
+ } else if (auto_define) {
clas = rb_define_class_under(mod, class_name, oj_bag_class);
+ } else {
+ clas = Qundef;
}
return clas;
}
inline static VALUE
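Review bot: `rb_intern(class_name)` still runs before the existence check in resolve_classname, so every distinct class name taken from the parsed document is interned even on the new path that returns `Qundef`. Symbols created through `rb_intern` are not reclaimed on the Ruby versions this release appears to target, so a stream of documents with unique class names can grow the symbol table without bound. Consider resolving the name without creating a new ID (for example `rb_check_id`, where the supported Ruby versions provide it) and interning only when `auto_define` is set. The new return contract also deserves a comment above the function, such as `/* Returns Qundef when the constant is not defined under mod and auto_define is 0. */`.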
@@ -167,10 +169,11 @@
#if SAFE_CACHE
pthread_mutex_lock(&oj_cache_mutex);
#endif
if (Qundef == (clas = oj_cache_get(oj_class_cache, name, &slot))) {
char class_name[1024];
+ char *end = class_name + sizeof(class_name) - 1;
char *s;
const char *n = name;
clas = rb_cObject;
for (s = class_name; '\0' != *n; n++) {
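Review bot: `end` is set to `class_name + sizeof(class_name) - 1`, which reserves the last byte for the terminator, so the longest accepted segment is 1023 characters rather than the 1024 quoted in the error message added later in this function. Because `s` is reset to `class_name` after each resolved segment, the limit also applies per `::`-separated component and not to the whole name. A comment on the declaration, e.g. `/* last usable slot; keeps room for the trailing NUL */`, and a named constant shared by the array size and the message would keep the two from drifting apart. The enclosing function starts and ends outside this hunk.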
@@ -182,9 +185,11 @@
}
if (Qundef == (clas = resolve_classname(clas, class_name, auto_define))) {
return Qundef;
}
s = class_name;
+ } else if (end <= s) {
+ raise_error("Invalid classname, limit is 1024 characters", pi->str, pi->s);
} else {
*s++ = *n;
}
}
*s = '\0';
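Review bot: The new `raise_error(...)` branch and the existing `return Qundef;` above it both leave the function inside the region guarded by `pthread_mutex_lock(&oj_cache_mutex)` when `SAFE_CACHE` is enabled. The matching unlock is not visible in this hunk; if it sits after the lookup, as seems likely, and `raise_error` raises a Ruby exception, then an over-long or unresolvable class name in the input leaves the mutex locked and the next parse blocks. Release the lock before each early exit with `#if SAFE_CACHE` / `pthread_mutex_unlock(&oj_cache_mutex);` / `#endif`, or move the error handling after the unlock. The function body starts and ends outside this hunk, so confirm against the full file.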