Bug #3700: Buffer overrun in util.c: ruby_hdtoa / nrv_alloc
http://redmine.ruby-lang.org/issues/show/3700

Author: Peter Weldon
Status: Open, Priority: Normal
Target version: 1.9.x
ruby -v: ruby 1.9.3dev (2010-08-15) [i386-mswin32_100]

util.c (ruby_hdtoa) causes a buffer overrun in nrv_alloc when returning copies of constant strings ("0", "NaN", "Infinity"). Detected while running ruby 1.9.3dev (2010-08-15) [i386-mswin32_100] linked with debug CRT libs: heap corruption is detected while running test/ruby/test_sprintf.rb.

Patch attached:
- consistent handling of const return strings in ruby_hdtoa and ruby_dtoa, using rv_strdup
- avoid strlen in rv_strdup
- remove handrolled memcpy in nrv_alloc
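The attached patch is not reproduced on this page. The following is an added illustration, not Ruby's util.c and not the author's patch: it contrasts a copy helper that trusts a caller-supplied size (the class of defect behind a copy of a constant string overrunning its allocation) with a checked copy and a size-exact strdup for literals that needs no run-time strlen. The function names `checked_copy`, `rv_strdup_sized`, `RV_STRDUP_LIT` and `count_undersized` are hypothetical, and the sample sizes are constructed.

```c
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Constructed example, not Ruby's code: the NUL-terminated strings that
 * ruby_hdtoa hands back as constants, together with an allocation size a
 * caller might wrongly pass (strlen without room for the terminator). */
static const char *const CONST_RESULTS[] = { "0", "NaN", "Infinity" };
#define N_CONST_RESULTS (sizeof CONST_RESULTS / sizeof CONST_RESULTS[0])

enum { COPY_TOO_SMALL = -1 };

/* Bytes an allocation must hold to receive a copy of s, terminator included. */
size_t bytes_needed(const char *s) { return strlen(s) + 1; }

/* Checked replacement for a hand-rolled "while ((*t = *s++)) t++;" loop:
 * refuses to copy when the destination of size n cannot hold s plus NUL,
 * and uses memcpy for the copy itself. Returns bytes written (incl. NUL)
 * or COPY_TOO_SMALL. rve, as in dtoa-style code, receives the end pointer. */
int checked_copy(char *dst, size_t n, const char *s, char **rve)
{
    size_t len = strlen(s);
    if (len + 1 > n) return COPY_TOO_SMALL;  /* would have overrun */
    memcpy(dst, s, len + 1);
    if (rve) *rve = dst + len;
    return (int)(len + 1);
}

/* Size-exact duplicate for a string whose length the caller already knows.
 * For a literal the length is known at compile time, so no strlen is needed
 * at run time (the "avoid strlen in rv_strdup" item of the report). */
char *rv_strdup_sized(const char *s, size_t len, char **rve)
{
    char *rv = malloc(len + 1);
    if (!rv) return NULL;
    memcpy(rv, s, len + 1);
    if (rve) *rve = rv + len;
    return rv;
}

/* Convenience for string literals: sizeof(lit) includes the terminator. */
#define RV_STRDUP_LIT(lit, rve) rv_strdup_sized((lit), sizeof(lit) - 1, (rve))

/* Audit helper: how many of the constant results would overrun if a caller
 * allocated only strlen(s) bytes for each. Returns the count (3 here). */
int count_undersized(void)
{
    int bad = 0;
    for (size_t i = 0; i < N_CONST_RESULTS; i++) {
        const char *s = CONST_RESULTS[i];
        size_t wrong_n = strlen(s);          /* constructed: omits the NUL */
        char *buf = malloc(bytes_needed(s)); /* allocate enough to be safe */
        if (!buf) return -1;
        if (checked_copy(buf, wrong_n, s, NULL) == COPY_TOO_SMALL) bad++;
        free(buf);
    }
    return bad;
}

int main(void)
{
    char *end;
    char *inf = RV_STRDUP_LIT("Infinity", &end);
    printf("%s (%zu bytes incl. NUL), undersized constants: %d\n",
           inf, bytes_needed(inf), count_undersized());
    free(inf);
    return 0;
}
```

The check is the important part: the size argument comes from the caller, so the copy routine must compare it against strlen(s)+1 rather than assume it; the literal-sized strdup removes the caller's chance to get that number wrong in the first place.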
