Revision e3a69233

Added by shyouhei (Shyouhei Urabe) about 14 years ago

  • ext/syck/rubyext.c (mktime_do): avoid buffer overrun, by
    silently ignoring less significant digits. Required buffer
    length can be computed so you might at first think of
    allocating enough memory space on the fly using alloca(). That
    is a wrong idea because when using alloca there is always a risk
    of integer overflow. A function that accepts outer-process
    resources like this should not blindly trust its inputs. In
    this particular case we just want to generate milliseconds
    resolution by strtod() so the string in question needs no more
    length than what we originally have. Ignoring less
    significant digits should suffice I believe.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31443 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
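
The approach the commit message describes, sketched as an added example (this is not the code from ext/syck/rubyext.c): the fractional-seconds digits are copied into a fixed-size buffer and anything past its capacity is dropped before calling strtod(). `frac_seconds`, `FRAC_DIGITS` and the 9-digit cap are assumptions made for the illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed cap: 9 digits is far more than millisecond resolution needs. */
#define FRAC_DIGITS 9

/*
 * Hypothetical helper, not the function in ext/syck/rubyext.c.
 * `s` points just past the '.' of a timestamp; `len` is the number of
 * untrusted bytes remaining. Returns the fraction of a second.
 *
 * Rejected alternative: char *buf = alloca(len + 3);
 * `len` comes from the input, so `len + 3` can wrap around and the
 * allocation itself is bounded only by what the sender chose to send.
 */
double frac_seconds(const char *s, size_t len)
{
    char buf[2 + FRAC_DIGITS + 1] = "0.";   /* "0." + digits + NUL */
    size_t n = 0;

    /* The bound is the destination size, never a value derived from input. */
    while (n < len && n < FRAC_DIGITS && isdigit((unsigned char)s[n])) {
        buf[2 + n] = s[n];
        n++;
    }
    buf[2 + n] = '\0';

    /* Digits past FRAC_DIGITS are below the needed resolution: ignored. */
    return strtod(buf, NULL);
}

int main(void)
{
    /* Constructed inputs: a normal fraction and an oversized digit run. */
    char big[4096];
    memset(big, '7', sizeof big);

    printf("%.9f\n", frac_seconds("123Z", 4));
    printf("%.9f\n", frac_seconds(big, sizeof big));
    return 0;
}
```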