Bug #4451

closed

Date#step does not raise ArgumentError for 0 step

Added by jeremyevans0 (Jeremy Evans) about 13 years ago. Updated almost 13 years ago.

Status:
Rejected
Target version:
-
ruby -v:
ruby 1.9.3dev (2011-02-16 trunk 30888) [x86_64-openbsd4.9]
Backport:
[ruby-core:<unknown>]

Description

=begin
Numeric#step:

$ ruby -e '1.step(2, 0){}'
-e:1:in `step': step can't be 0 (ArgumentError)
	from -e:1:in `<main>'

Range#step:

$ ruby -r date -e '(0..1).step(0){}'
-e:1:in `step': step can't be 0 (ArgumentError)
	from -e:1:in `<main>'

Date#step:

ruby -r date -e 'Date.today.step(Date.today, 0){}'

infinite loop

There is already a check for this in date.rb, but it is commented out. It was added in r13408, over 3 years ago. The lack of this check can cause a denial of service if the step value is controlled by the attacker. The attached patch enables the check and adds a test for it.
=end


Files

date-step-0.patch (924 Bytes) jeremyevans0 (Jeremy Evans), 03/01/2011 08:07 AM
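An added example, not part of the original report or the attached patch: since this issue was rejected, a caller that passes an untrusted step to Date#step has to validate it first. The helper name `safe_date_range` and the limit `MAX_DATES` are hypothetical; the example goes slightly beyond the report by also capping the number of dates a non-zero step can produce.

```ruby
require 'date'

# Assumed application limit on how many dates one request may produce.
MAX_DATES = 366

# Hypothetical helper (not part of the date library): validate an untrusted
# step value before it reaches Date#step, which does not reject 0 itself.
def safe_date_range(first, last, raw_step, max_dates: MAX_DATES)
  # Strict base-10 parse: "", nil, "0.0", "abc" all raise ArgumentError
  # instead of being coerced to 0 or to a tiny fractional step.
  step = Integer(raw_step.to_s, 10)

  # The check the report asks for: a zero step never reaches the limit.
  raise ArgumentError, "step can't be 0" if step.zero?

  # Number of dates the iteration would yield. Floor division makes this
  # zero or negative when the step points away from the limit.
  span  = (last - first).to_i
  count = [span / step + 1, 0].max

  # A tiny step over a wide range is also a resource problem, so bound it.
  if count > max_dates
    raise ArgumentError, "range yields #{count} dates, limit is #{max_dates}"
  end

  first.step(last, step).to_a
end

if __FILE__ == $PROGRAM_NAME
  start = Date.new(2011, 3, 1) # constructed sample date
  p safe_date_range(start, start + 6, "3").map(&:to_s)
  begin
    safe_date_range(start, start, "0")
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```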