cbor 0.5.9.3 → 0.5.9.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 425cc6f7340767f49e322a3762368f24be166a9c7286b2de39a40e70f936e4c9
-  data.tar.gz: ce9edfb609f86a6922fe7eb6746acc06c78db474cc4d9414731ef82a2f02b16e
+  metadata.gz: a2c92fadfe4835b40910e13f19e471916c9e138f5087d068f4dce3aa59c72eee
+  data.tar.gz: 5295a488ba1a015a720829da251462cead06eefc395cbe99e68a9049660eb902
 SHA512:
-  metadata.gz: 4c6280839cfc5d0579a08c19b80eedeb2c9039d212907e21321cd0f77d88331b736f4fbda6bed1d7411b1e255f5952edfd3ddcb540d663212a92016bc2c60263
-  data.tar.gz: 2d0b265557125d652821b75c8fa8b5f9ebd761e6236d5503cc53a709b0ee1be95195f0026aca1d651e728272c9450c4603026f8145225a431eff2f1981f37a9a
+  metadata.gz: 7b63dba28e71e57bd0d8440c6746ca566deb131e38c1052a0819d99f9eee6b666bfe8e2e1fc61cfd9eba3e2f4844ee4d5071dc6977ee1342e42fc5b9305e2e93
+  data.tar.gz: 834dd54d18ca973f71726ddbc57fc47d6e32e2441152ad6a88c969b4a364672a6f36c9739cfa35dc06a552fbf2cb1d8c66050272f41174c585280477282b000d

data/README.rdoc

@@ -58,7 +58,7 @@ Author::    Carsten Bormann <cabo@tzi.org>
 Copyright:: Copyright (c) 2013, 2014 Carsten Bormann
 License::   Apache License, Version 2.0
 
-{<img src="https://travis-ci.org/cabo/cbor-ruby.png?branch=master" />}[https://travis-ci.org/cabo/cbor-ruby] {<img src="https://badge.fury.io/rb/cbor.png" alt="Gem Version" />}[http://badge.fury.io/rb/cbor]
+{<img src="https://travis-ci.org/cabo/cbor-ruby.svg?branch=master" />}[https://travis-ci.org/cabo/cbor-ruby] {<img src="https://badge.fury.io/rb/cbor.svg" alt="Gem Version" />}[http://badge.fury.io/rb/cbor]
 
 For the original, see below.
 

data/cbor.gemspec

@@ -8,9 +8,9 @@ Gem::Specification.new do |s|
   s.description = %q{CBOR is a library for the CBOR binary object representation format, based on Sadayuki Furuhashi's MessagePack library.}
   s.author = "Carsten Bormann, standing on the tall shoulders of Sadayuki Furuhashi"
   s.email = "cabo@tzi.org"
-  s.license = "Apache 2.0"
+  s.license = "Apache-2.0"
   s.homepage = "http://cbor.io/"
-  s.has_rdoc = false
+#  s.has_rdoc = false
   s.files = `git ls-files`.split("\n")
   s.test_files = `git ls-files -- {test,spec}/*`.split("\n")
   s.require_paths = ["lib"]
@@ -21,5 +21,5 @@ Gem::Specification.new do |s|
   s.add_development_dependency 'rake-compiler', ['~> 0.8.3']
   s.add_development_dependency 'rspec', ['~> 2.11']
   s.add_development_dependency 'json', ['~> 1.7']
-  s.add_development_dependency 'yard', ['~> 0.8.2']
+  s.add_development_dependency 'yard', ['~> 0.9.11']
 end

data/ext/cbor/unpacker.c

@@ -29,6 +29,13 @@
 #include "rmem.h"
 #include <math.h>               /* for ldexp */
 
+/* work around https://bugs.ruby-lang.org/issues/15779 for now
+ * by limiting preallocation to about a Tebibyte
+ * limit is 2**n-1 (n==10) so we can avoid a conditional
+ */
+#define SANE_PREALLOCATION_MAX 0xFFFFFFFFFFUL
+#define SANE_PREALLOCATE(n) (n & SANE_PREALLOCATION_MAX)
+
 #if !defined(DISABLE_RMEM) && !defined(DISABLE_UNPACKER_STACK_RMEM) && \
         MSGPACK_UNPACKER_STACK_CAPACITY * MSGPACK_UNPACKER_STACK_SIZE <= MSGPACK_RMEM_PAGE_SIZE
 #define UNPACKER_STACK_RMEM
@@ -245,7 +252,7 @@ static int read_raw_body_cont(msgpack_unpacker_t* uk, int textflag)
     size_t length = uk->reading_raw_remaining;
 
     if(uk->reading_raw == Qnil) {
-        uk->reading_raw = rb_str_buf_new(length);
+        uk->reading_raw = rb_str_buf_new(SANE_PREALLOCATE(length));
     }
 
     do {
@@ -381,7 +388,7 @@ static int read_primitive(msgpack_unpacker_t* uk)
         if (val == 0) {
             return object_complete(uk, rb_ary_new());
         }
-        return _msgpack_unpacker_stack_push(uk, STACK_TYPE_ARRAY, val, rb_ary_new2(val));
+        return _msgpack_unpacker_stack_push(uk, STACK_TYPE_ARRAY, val, rb_ary_new2(SANE_PREALLOCATE(val)));
     CASE_AI(MT_MAP):
       READ_VAL(uk, ai, val);
     CASE_IMM(MT_MAP): // map

data/lib/cbor/version.rb

@@ -1,3 +1,3 @@
 module CBOR
-	VERSION = "0.5.9.3"
+	VERSION = "0.5.9.4"
 end

data/spec/format_spec.rb

@@ -421,6 +421,29 @@ describe MessagePack do
     unpacker.feed(CBOR.encode(symbolized_hash)).read.should == symbolized_hash
   end
 
+  it 'handle outrageous sizes' do
+    expect { CBOR.decode("\xa1") }.to raise_error(EOFError)
+    expect { CBOR.decode("\xba\xff\xff\xff\xff") }.to raise_error(EOFError)
+    expect { CBOR.decode("\xbb\xff\xff\xff\xff\xff\xff\xff\xff") }.to raise_error(EOFError)
+    expect { CBOR.decode("\xbb\x01\x01\x01\x01\x01\x01\x01\x01") }.to raise_error(EOFError)
+    expect { CBOR.decode("\xbb\x00\x00\x01\x01\x01\x01\x01\x01") }.to raise_error(EOFError)
+    expect { CBOR.decode("\x81") }.to raise_error(EOFError)
+    expect { CBOR.decode("\x9a\xff\xff\xff\xff") }.to raise_error(EOFError)
+    expect { CBOR.decode("\x9b\xff\xff\xff\xff\xff\xff\xff\xff") }.to raise_error(EOFError)
+    expect { CBOR.decode("\x9b\x01\x01\x01\x01\x01\x01\x01\x01") }.to raise_error(EOFError)
+    expect { CBOR.decode("\x9b\x00\x00\x01\x01\x01\x01\x01\x01") }.to raise_error(EOFError)
+    expect { CBOR.decode("\x61") }.to raise_error(EOFError)
+    expect { CBOR.decode("\x7a\xff\xff\xff\xff") }.to raise_error(EOFError)
+    expect { CBOR.decode("\x7b\xff\xff\xff\xff\xff\xff\xff\xff") }.to raise_error(EOFError)
+    expect { CBOR.decode("\x7b\x01\x01\x01\x01\x01\x01\x01\x01") }.to raise_error(EOFError)
+    expect { CBOR.decode("\x7b\x00\x00\x01\x01\x01\x01\x01\x01") }.to raise_error(EOFError)
+    expect { CBOR.decode("\x41") }.to raise_error(EOFError)
+    expect { CBOR.decode("\x5a\xff\xff\xff\xff") }.to raise_error(EOFError)
+    expect { CBOR.decode("\x5b\xff\xff\xff\xff\xff\xff\xff\xff") }.to raise_error(EOFError)
+    expect { CBOR.decode("\x5b\x01\x01\x01\x01\x01\x01\x01\x01") }.to raise_error(EOFError)
+    expect { CBOR.decode("\x5b\x00\x00\x01\x01\x01\x01\x01\x01") }.to raise_error(EOFError)
+  end
+
 
 ## FIXME
 #  it "{0=>0, 1=>1, ..., 14=>14}" do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cbor
 version: !ruby/object:Gem::Version
-  version: 0.5.9.3
+  version: 0.5.9.4
 platform: ruby
 authors:
 - Carsten Bormann, standing on the tall shoulders of Sadayuki Furuhashi
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-08-20 00:00:00.000000000 Z
+date: 2019-06-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -86,14 +86,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.8.2
+        version: 0.9.11
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.8.2
+        version: 0.9.11
 description: CBOR is a library for the CBOR binary object representation format, based
   on Sadayuki Furuhashi's MessagePack library.
 email: cabo@tzi.org
@@ -158,7 +158,7 @@ files:
 - spec/unpacker_spec.rb
 homepage: http://cbor.io/
 licenses:
-- Apache 2.0
+- Apache-2.0
 metadata: {}
 post_install_message: 
 rdoc_options: []
@@ -175,8 +175,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: CBOR, Concise Binary Object Representation.