Clamp read callback to buffer size to prevent overflow.

Author: cfis

.gitignore

@@ -1,23 +1,23 @@
-pkg
-nbproject
-website/_site
-*.swp
-*.swo
-
-/ext/vc/libxml_ruby.sdf
-/ext/vc/libxml_ruby_19/Debug
-/ext/vc/libxml_ruby_18/Debug
-/doc
-/tmp
-/.idea
-/ext/vc/ipch
-/ext/vc/libxml_ruby.opensdf
-.config
-InstalledFiles
-ext/libxml/libxml_ruby.bundle
-.DS_Store
-/ext/vc/*.suo
-Gemfile.lock
-lib/*/libxml_ruby.so
-/ext/vc/libxml_ruby/x64
-/ext/vc/libxml_ruby/libxml_ruby.vcxproj.user
+pkg
+nbproject
+website/_site
+*.swp
+*.swo
+
+/ext/vc/libxml_ruby.sdf
+/ext/vc/libxml_ruby_19/Debug
+/ext/vc/libxml_ruby_18/Debug
+/doc
+/tmp
+/.idea
+/ext/vc/ipch
+/ext/vc/libxml_ruby.opensdf
+.config
+InstalledFiles
+ext/libxml/libxml_ruby.bundle
+.DS_Store
+/ext/vc/*.suo
+Gemfile.lock
+lib/*/libxml_ruby.so
+/ext/vc/libxml_ruby/x64
+/ext/vc/libxml_ruby/libxml_ruby.vcxproj.user

Gemfile

@@ -1,3 +1,4 @@
 source "https://www.rubygems.org"
 
 gemspec
+gem "ruby_memcheck", path: "../ruby_memcheck"

LICENSE

@@ -1,21 +1,21 @@
-  Copyright (c) 2008-2013 Charlie Savage and contributors
-  Copyright (c) 2002-2007 Sean Chittenden and contributors
-  Copyright (c) 2001 Wai-Sun "Squidster" Chia
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of
-this software and associated documentation files (the "Software"), to deal in 
-the Software without restriction, including without limitation the rights to 
-use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies 
-of the Software, and to permit persons to whom the Software is furnished to do
-so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+  Copyright (c) 2008-2013 Charlie Savage and contributors
+  Copyright (c) 2002-2007 Sean Chittenden and contributors
+  Copyright (c) 2001 Wai-Sun "Squidster" Chia
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in 
+the Software without restriction, including without limitation the rights to 
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies 
+of the Software, and to permit persons to whom the Software is furnished to do
+so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.

Rakefile

@@ -3,6 +3,7 @@
 require "rubygems"
 require "rake/extensiontask"
 require "rake/testtask"
+require "ruby_memcheck"
 require "rubygems/package_task"
 require "rdoc/task"
 require "yaml"
@@ -15,6 +16,14 @@ spec = Gem::Specification.load("#{GEM_NAME}.gemspec")
 
 task :default => [:test]
 
+test_config = lambda do |t|
+  t.libs << "test"
+  t.test_files = FileList['test/test*.rb'] - ['test/test_suite.rb']
+  t.verbose = true
+end
+
+RubyMemcheck.config(binary_name: SO_NAME)
+
 # Setup compile tasks
 Rake::ExtensionTask.new do |ext|
   ext.gem_spec = spec
@@ -72,8 +81,8 @@ RDoc::Task.new("rdoc") do |rdoc|
 end
 
 # Test Task
-Rake::TestTask.new do |t|
-  t.libs << "test"
-  t.test_files = FileList['test/test*.rb'] - ['test/test_suite.rb']
-  t.verbose = true
-end
+Rake::TestTask.new(&test_config)
+
+namespace :test do
+  RubyMemcheck::TestTask.new(valgrind: :compile, &test_config)
+end

ext/libxml/ruby_xml_io.c

@@ -19,6 +19,8 @@ int rxml_read_callback(void *context, char *buffer, int len)
     return 0;
 
   size = RSTRING_LEN(string);
+  if (size > (size_t)len)
+    size = (size_t)len;
   memcpy(buffer, StringValuePtr(string), size);
 
   return (int)size;

libxml-ruby.gemspec

@@ -47,5 +47,6 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency('rake-compiler')
   spec.add_development_dependency('minitest')
   spec.add_development_dependency('rdoc')
+  spec.add_development_dependency('ruby_memcheck')
   spec.license = 'MIT'
 end

test/test_xpath.rb

@@ -5,11 +5,13 @@
 
 class TestXPath < Minitest::Test
   def setup
+    GC.stress = true
     @doc = LibXML::XML::Document.file(File.join(File.dirname(__FILE__), 'model/soap.xml'))
   end
 
   def teardown
     @doc = nil
+    GC.stress = false
   end
 
   def test_doc_find
@@ -30,15 +32,11 @@ def test_ns
   end
 
   def test_ns_gc
-    _stress = GC.stress
-    GC.stress = true
-
     doc = LibXML::XML::Document.string('<foo xmlns="http://bar.com" />')
     node = doc.root
+    doc = nil
     # This line segfaults on prior versions of libxml-ruby
     node.find("namespace::*")
-
-    GC.stress = _stress
   end
 
   def test_ns_array
@@ -156,11 +154,11 @@ def test_memory
     # is free, it iterates over its results which are pointers
     # to the document's nodes. A segmentation fault then happens.
 
-    1000.times do
+    10.times do
       doc = LibXML::XML::Document.new('1.0')
       doc.root = LibXML::XML::Node.new("header")
 
-      1000.times do
+      10.times do
         doc.root << LibXML::XML::Node.new("footer")
       end