Issue #10019 has been updated by Will Wood.

File pack.c.patch added

I took a look at it yesterday.  Here's the issue.  In the loop (len >= 3) you check to see if there's enough room in buff.  Unfortunately if len < 3 we don't flush the buffer and then write additional bytes onto
the end without checking.  I added a check to flush the buffer if len < 3 and then there's enough space on exiting the loop for the remaining bytes and padding including lf.  The patch attached fixes the problem.  You also don't need the + 1 byte or a 4K buffer either, your call but patch is 256 bytes for the buffer.  I don't like large objects on the heap, that's just me.  No seg faults for me and it works with this patch just fine.  Also the rb_bug test at the end isn't necessary, your call if you want to remove it but it'll never get executed.



----------------------------------------
Bug #10019: segmentation fault/buffer overrun in pack.c (encodes)
https://bugs.ruby-lang.org/issues/10019#change-48112

* Author: Will Wood
* Status: Feedback
* Priority: Normal
* Assignee: 
* Category: core
* Target version: 
* ruby -v: ruby 2.1.2p168 (2014-07-06 revision 46721) [i386-mingw32]
* Backport: 2.0.0: REQUIRED, 2.1: DONE
----------------------------------------
While working with an AWS sample I hit a segmentation fault.  The same sample works under 1.9.3.  It appeared to be coming from pack.c function encodes.  After looking at the source there's a 4K buffer allocated on the stack.  I made a minor change to base the buffer length off of the incoming buffer length with a pad and allocate it off the heap.  Anyway, after fixing this my code sample runs fine.  I'm including a patch file and the sample code.

---Files--------------------------------
pack.patch (2.74 KB)
BucketTest.rb (326 Bytes)
pack.c.patch (769 Bytes)


-- 
https://bugs.ruby-lang.org/