diff -uw ruby-2.1.1/ext/psych/yaml/config.h ruby-2.1.2/ext/psych/yaml/config.h --- ruby-2.1.1/ext/psych/yaml/config.h 2014-02-24 05:24:15.000000000 +0100 +++ ruby-2.1.2/ext/psych/yaml/config.h 2014-05-04 17:45:33.000000000 +0200 @@ -1,11 +1,10 @@ - #define PACKAGE_NAME "yaml" #define PACKAGE_TARNAME "yaml" -#define PACKAGE_VERSION "0.1.5" -#define PACKAGE_STRING "yaml 0.1.5" +#define PACKAGE_VERSION "0.1.6" +#define PACKAGE_STRING "yaml 0.1.6" #define PACKAGE_BUGREPORT "http://pyyaml.org/newticket?component libyaml" #define PACKAGE_URL "" #define YAML_VERSION_MAJOR 0 #define YAML_VERSION_MINOR 1 -#define YAML_VERSION_PATCH 5 -#define YAML_VERSION_STRING "0.1.5" +#define YAML_VERSION_PATCH 6 +#define YAML_VERSION_STRING "0.1.6" diff -uw ruby-2.1.1/ext/psych/yaml/scanner.c ruby-2.1.2/ext/psych/yaml/scanner.c --- ruby-2.1.1/ext/psych/yaml/scanner.c 2014-02-24 05:24:15.000000000 +0100 +++ ruby-2.1.2/ext/psych/yaml/scanner.c 2014-05-04 17:45:33.000000000 +0200 @@ -2629,6 +2629,9 @@ /* Check if it is a URI-escape sequence. */ if (CHECK(parser->buffer, '%')) { + if (!STRING_EXTEND(parser, string)) + goto error; + if (!yaml_parser_scan_uri_escapes(parser, directive, start_mark, &string)) goto error; } diff -uw ruby-2.1.1/ext/psych/yaml/yaml_private.h ruby-2.1.2/ext/psych/yaml/yaml_private.h --- ruby-2.1.1/ext/psych/yaml/yaml_private.h 2014-02-24 05:24:15.000000000 +0100 +++ ruby-2.1.2/ext/psych/yaml/yaml_private.h 2014-05-04 17:45:33.000000000 +0200 @@ -146,9 +146,12 @@ (string).start = (string).pointer = (string).end = 0) #define STRING_EXTEND(context,string) \ - (((string).pointer+5 < (string).end) \ + ((((string).pointer+5 < (string).end) \ || yaml_string_extend(&(string).start, \ - &(string).pointer, &(string).end)) + &(string).pointer, &(string).end)) ? \ + 1 : \ + ((context)->error = YAML_MEMORY_ERROR, \ + 0)) #define CLEAR(context,string) \ ((string).pointer = (string).start, \