uxp/ruby-1.8.7-p358_cve-2013-4164.patch

## ruby-1.8.7-p358_cve-2013-4164.patch
diff -ru a/test/ruby/test_float.rb b/test/ruby/test_float.rb
--- a/test/ruby/test_float.rb	2011-12-10 05:17:27.000000000 -0700
+++ b/test/ruby/test_float.rb	2013-11-23 08:27:39.000000000 -0700
@@ -171,4 +171,16 @@
     assert_raise(ArgumentError) { 1.0 < nil }
     assert_raise(ArgumentError) { 1.0 <= nil }
   end
+
+  def test_long_string
+    assert_normal_exit(<<-'end;')
+    assert_in_epsilon(10.0, ("1."+"1"*300000).to_f*9)
+    end;
+  end
+
+  def test_long_string
+    assert_normal_exit(<<-'end;')
+    assert_in_epsilon(10.0, ("1."+"1"*300000).to_f*9)
+    end;
+  end
 end
Only in b/test/ruby: test_float.rb.orig
diff -ru a/util.c b/util.c
--- a/util.c	2010-11-22 00:21:34.000000000 -0700
+++ b/util.c	2013-11-23 08:27:46.000000000 -0700
@@ -892,6 +892,11 @@
 #else
 #define MALLOC malloc
 #endif
+#ifdef FREE
+extern void FREE(void*);
+#else
+#define FREE free
+#endif

 #ifndef Omit_Private_Memory
 #ifndef PRIVATE_MEM
@@ -1176,7 +1181,7 @@
 #endif

     ACQUIRE_DTOA_LOCK(0);
-    if ((rv = freelist[k]) != 0) {
+    if (k <= Kmax && (rv = freelist[k]) != 0) {
         freelist[k] = rv->next;
     }
     else {
@@ -1186,7 +1191,7 @@
 #else
         len = (sizeof(Bigint) + (x-1)*sizeof(ULong) + sizeof(double) - 1)
                 /sizeof(double);
-        if (pmem_next - private_mem + len <= PRIVATE_mem) {
+        if (k <= Kmax && pmem_next - private_mem + len <= PRIVATE_mem) {
             rv = (Bigint*)pmem_next;
             pmem_next += len;
         }
@@ -1205,6 +1210,10 @@
 Bfree(Bigint *v)
 {
     if (v) {
+        if (v->k > Kmax) {
+            FREE(v);
+            return;
+        }
         ACQUIRE_DTOA_LOCK(0);
         v->next = freelist[v->k];
         freelist[v->k] = v;
@@ -2200,6 +2209,7 @@
         for (; c >= '0' && c <= '9'; c = *++s) {
 have_dig:
             nz++;
+            if (nf > DBL_DIG * 4) continue;
             if (c -= '0') {
                 nf += nz;
                 for (i = 1; i < nz; i++)
	diff -ru a/test/ruby/test_float.rb b/test/ruby/test_float.rb
	--- a/test/ruby/test_float.rb 2011-12-10 05:17:27.000000000 -0700
	+++ b/test/ruby/test_float.rb 2013-11-23 08:27:39.000000000 -0700
	@@ -171,4 +171,16 @@
	assert_raise(ArgumentError) { 1.0 < nil }
	assert_raise(ArgumentError) { 1.0 <= nil }
	end
	+
	+ def test_long_string
	+ assert_normal_exit(<<-'end;')
	+ assert_in_epsilon(10.0, ("1."+"1"300000).to_f9)
	+ end;
	+ end
	+
	+ def test_long_string
	+ assert_normal_exit(<<-'end;')
	+ assert_in_epsilon(10.0, ("1."+"1"300000).to_f9)
	+ end;
	+ end
	end
	Only in b/test/ruby: test_float.rb.orig
	diff -ru a/util.c b/util.c
	--- a/util.c 2010-11-22 00:21:34.000000000 -0700
	+++ b/util.c 2013-11-23 08:27:46.000000000 -0700
	@@ -892,6 +892,11 @@
	#else
	#define MALLOC malloc
	#endif
	+#ifdef FREE
	+extern void FREE(void*);
	+#else
	+#define FREE free
	+#endif

	#ifndef Omit_Private_Memory
	#ifndef PRIVATE_MEM
	@@ -1176,7 +1181,7 @@
	#endif

	ACQUIRE_DTOA_LOCK(0);
	- if ((rv = freelist[k]) != 0) {
	+ if (k <= Kmax && (rv = freelist[k]) != 0) {
	freelist[k] = rv->next;
	}
	else {
	@@ -1186,7 +1191,7 @@
	#else
	len = (sizeof(Bigint) + (x-1)*sizeof(ULong) + sizeof(double) - 1)
	/sizeof(double);
	- if (pmem_next - private_mem + len <= PRIVATE_mem) {
	+ if (k <= Kmax && pmem_next - private_mem + len <= PRIVATE_mem) {
	rv = (Bigint*)pmem_next;
	pmem_next += len;
	}
	@@ -1205,6 +1210,10 @@
	Bfree(Bigint *v)
	{
	if (v) {
	+ if (v->k > Kmax) {
	+ FREE(v);
	+ return;
	+ }
	ACQUIRE_DTOA_LOCK(0);
	v->next = freelist[v->k];
	freelist[v->k] = v;
	@@ -2200,6 +2209,7 @@
	for (; c >= '0' && c <= '9'; c = *++s) {
	have_dig:
	nz++;
	+ if (nf > DBL_DIG * 4) continue;
	if (c -= '0') {
	nf += nz;
	for (i = 1; i < nz; i++)