Merge pull request #15 from philipturnbull/fuzzing

Ashe Connor · web-flow · commit 3103dd16ee7b · 2018-02-07T13:47:53.000+11:00
Fix two bugs found by fuzzing
diff --git a/ext/version_sorter/version_sorter.c b/ext/version_sorter/version_sorter.c
@@ -58,7 +58,7 @@ compare_version_number(const struct version_number *a,
 
 			if (num_a) {
 				int64_t cmp64 = (int64_t)ca->number - (int64_t)cb->number;
-				cmp = (int)max(INT_MIN, min(INT_MAX, cmp64));
+				cmp = (int)max(-1, min(1, cmp64));
 			} else {
 				cmp = strchunk_cmp(
 						a->original, &ca->string,
@@ -239,7 +239,13 @@ rb_version_compare(VALUE rb_self, VALUE rb_version_a, VALUE rb_version_b)
 {
 	struct version_number *version_a = parse_version_number(StringValueCStr(rb_version_a));
 	struct version_number *version_b = parse_version_number(StringValueCStr(rb_version_b));
-	return INT2NUM(version_compare_cb(&version_a, &version_b));
+
+	VALUE result = INT2NUM(version_compare_cb(&version_a, &version_b));
+
+	xfree(version_a);
+	xfree(version_b);
+
+	return result;
 }
 
 void Init_version_sorter(void)
diff --git a/test/version_sorter_test.rb b/test/version_sorter_test.rb
@@ -101,6 +101,12 @@ def test_compare
     assert_equal 0, VersionSorter.compare("12.0", "12.0")
   end
 
+  def test_int_negate
+    a = ["0", "2147483648"]
+    assert_equal a, VersionSorter.sort(a)
+    assert_equal a.reverse, VersionSorter.rsort(a)
+  end
+
   def shuffle(array)
     array, result = array.dup, []
     result << array.delete_at(rand(array.size)) until array.size.zero?
