Bug #4451
closed
Date#step does not raise ArgumentError for 0 step
Description
=begin
Numeric#step:
$ ruby -e '1.step(2, 0){}'
-e:1:in step': step can't be 0 (ArgumentError) from -e:1:in '
Range#step:
$ ruby -r date -e '(0..1).step(0){}'
-e:1:in step': step can't be 0 (ArgumentError) from -e:1:in '
Date#step:
ruby -r date -e 'Date.today.step(Date.today, 0){}'
infinite loop¶
There is already a check for this in date.rb, but it is commented out. It was added in r13408, over 3 years ago. The lack of this check can cause a denial of service if the step value is controlled by the attacker. The attached patch enables the check and adds a test for it.
=end
Files
Updated by tadf (tadayoshi funaba) about 13 years ago
- Priority changed from Normal to 3
=begin
you are not right.
the intention of comment outed code is different.
i have a doubt about Numeric's one.
firstly, i think the current behaviour of date's one is not wrong.
however, i believe it should raise error soon if it should be an error.
but Numeric's one is not.
a = 1.step(1,0)
#=> #<Enumerator: 1:step(1, 0)>
a.each{}
ArgumentError: step can't be 0
from (irb):3:instep' from (irb):3:ineach'
from (irb):3
from ./bin/irb:12:in `'
i once asked and proposed this.
however, i don't still get any answers.
so the change has been frozen.
i don't understand why Numeric#step delay the raise.
=end
Updated by shyouhei (Shyouhei Urabe) about 13 years ago
- Status changed from Open to Assigned
Updated by tadf (tadayoshi funaba) almost 13 years ago
- Status changed from Assigned to Rejected