Fix memory corruption with FFI backend

[ankane]

To reproduce with JRuby or TruffleRuby:

require "fiddle"

1000.times do
  Fiddle::Pointer[rand(255).chr*16]
end

put_string adds a null byte at the end vs write_bytes. This is not caught by the bounds check since the underlying FFI::Pointer size is not set.

[kou]

We may need to use put_bytes instead...

Suggested change

	cptr = Pointer.malloc(value.bytesize + 1)
	cptr.ffi_ptr.put_string(0, value)
	cptr = Pointer.malloc(value.bytesize)
	cptr.ffi_ptr.put_bytes(0, value)

[ankane]

Tried that initially with write_bytes, but looks like some of the tests expect an additional null byte.

[ankane]

Nevermind, looks like the failing tests are due to an issue with the to_s method.

[eregon]

@kou Is it expected though that Fiddle::Pointer.to_ptr("abc") doesn't guarantee to return a \0-terminated native string?

[eregon]

This is what the C extension does:

fiddle/ext/fiddle/pointer.c

Lines 784 to 787 in 7a4c6da

	else if (RTEST(rb_obj_is_kind_of(val, rb_cString))){
	char *str = StringValuePtr(val);
	wrap = val;
	ptr = rb_fiddle_ptr_new(str, RSTRING_LEN(val), NULL);

StringValuePtr AFAIK always returns a \0 terminated char* in CRuby (same as RSTRING_PTR).
So then

cptr = Pointer.malloc(value.bytesize + 1)
cptr.ffi_ptr.put_string(0, value)

is I believe the correct way.

i.e. it was correct as of 07a606f

[eregon]

@ankane Could you make a PR going back to that and also add a test that Fiddle::Pointer.to_ptr("abc")[3] is always 0?

Also maybe the Pointer#size should be checked to be 4 and not 3, and then

fiddle/ext/fiddle/pointer.c

Line 787 in 7a4c6da

ptr = rb_fiddle_ptr_new(str, RSTRING_LEN(val), NULL);

adapted to RSTRING_LEN(val) + 1.

[ankane]

Made the behavior consistent with CRuby in #187.

[kou]

Thanks.

[ankane]

Thank you