$OpenBSD: patch-sprintf_c,v 1.1 2008/07/21 09:40:42 bernd Exp $

Fixes multiple security vulnerabilities.
http://secunia.com/advisories/29794/

Patch against ruby-1.8.6p114 from:
http://blog.phusion.nl/assets/r8ee-security-patch-20080623-2.txt
and
https://launchpad.net/ubuntu/+source/ruby1.8

1.8.6-p229 and 1.8.7-p21 will break rails applications.

--- sprintf.c.orig	Wed Aug 22 04:53:31 2007
+++ sprintf.c	Tue Jul  1 20:47:08 2008
@@ -247,7 +247,15 @@ rb_f_sprintf(argc, argv)
     int argc;
     VALUE *argv;
 {
+    return rb_str_format(argc - 1, argv + 1, GETNTHARG(0));
+}
+
+VALUE
+rb_str_format(argc, argv, fmt)
+    int argc;
+    VALUE *argv;
     VALUE fmt;
+{
     const char *p, *end;
     char *buf;
     int blen, bsiz;
@@ -276,7 +284,8 @@ rb_f_sprintf(argc, argv)
 	rb_raise(rb_eArgError, "flag after precision"); \
     }
 
-    fmt = GETNTHARG(0);
+    ++argc;
+    --argv;
     if (OBJ_TAINTED(fmt)) tainted = 1;
     StringValue(fmt);
     fmt = rb_str_new4(fmt);