From: naruse@...
Date: 2019-04-13T07:33:19+00:00
Subject: [ruby-core:92272] [Ruby trunk Bug#15760] OpenSSL::BN.new(nil,	2) dumps core

Issue #15760 has been updated by naruse (Yui NARUSE).

Backport changed from 2.4: REQUIRED, 2.5: REQUIRED, 2.6: REQUIRED to 2.4: REQUIRED, 2.5: REQUIRED, 2.6: DONE

ruby_2_6 r67524 merged revision(s) 67497,67498.

----------------------------------------
Bug #15760: OpenSSL::BN.new(nil, 2) dumps core
https://bugs.ruby-lang.org/issues/15760#change-77605

* Author: mame (Yusuke Endoh)
* Status: Closed
* Priority: Normal
* Assignee: rhenium (Kazuki Yamaguchi)
* Target version: 
* ruby -v: ruby 2.7.0dev (2019-04-10 trunk 67496) [x86_64-linux]
* Backport: 2.4: REQUIRED, 2.5: REQUIRED, 2.6: DONE
----------------------------------------
ext/openssl/ossl_bn.c

```
 221         if (!BN_bin2bn((unsigned char *)StringValuePtr(str), RSTRING_LENINT(str), bn)) {
 222             ossl_raise(eBNError, NULL);
 223         }
 224         break;
```

This code depends on the evaluation order of function arguments.  It works if `StringValuePtr(str)` is evaluated earlier than RSTRING_LENINT(str), but it doesn't if the order is reversed, which causes core dump.



-- 
https://bugs.ruby-lang.org/

Unsubscribe: <mailto:ruby-core-request@ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>