Mercurial > hg > soundsoftware-site

annotate config/initializers/bigdecimal-segfault-fix.rb @ 8:0c83d98252d9 yuya

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
* Add custom repo prefix and proper auth realm, remove auth cache (seems like an unwise feature), pass DB handle around, various other bits of tidying
author Chris Cannam
date Thu, 12 Aug 2010 15:31:37 +0100
parents 513646585e45
children
rev   line source
Chris@0 1 # Copyright (c) 2009 Michael Koziarski <michael@koziarski.com>
Chris@0 2 #
Chris@0 3 # Permission to use, copy, modify, and/or distribute this software for any
Chris@0 4 # purpose with or without fee is hereby granted, provided that the above
Chris@0 5 # copyright notice and this permission notice appear in all copies.
Chris@0 6 #
Chris@0 7 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
Chris@0 8 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
Chris@0 9 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
Chris@0 10 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
Chris@0 11 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
Chris@0 12 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
Chris@0 13 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
Chris@0 14
Chris@0 15 require 'bigdecimal'
Chris@0 16
Chris@0 17 alias BigDecimalUnsafe BigDecimal
Chris@0 18
Chris@0 19
Chris@0 20 # This fixes CVE-2009-1904 however it removes legitimate functionality that your
Chris@0 21 # application may depend on. You are *strongly* advised to upgrade your ruby
Chris@0 22 # rather than relying on this fix for an extended period of time.
Chris@0 23
Chris@0 24 def BigDecimal(initial, digits=0)
Chris@0 25 if initial.size > 255 || initial =~ /e/i
Chris@0 26 raise "Invalid big Decimal Value"
Chris@0 27 end
Chris@0 28 BigDecimalUnsafe(initial, digits)
Chris@0 29 end
Chris@0 30