Bug #10453: NUM2CHR() does not perform additional bounds checks - Ruby master - Ruby Issue Tracking System

Actions

Copy link

Bug #10453

closed

NUM2CHR() does not perform additional bounds checks

Added by silverhammermba (Max Anselm) about 10 years ago. Updated almost 5 years ago.

Status:

Rejected

Assignee:

matz (Yukihiro Matsumoto)

Target version:

ruby -v:

ruby 2.1.4p265 (2014-10-27 revision 48166) [x86_64-linux]

Backport:

2.0.0: UNKNOWN, 2.1: UNKNOWN

[ruby-core:66002]

Description

NUM2CHR() just calls rb_num2int_inline() and masks off the high bytes. Consequently, passing any value larger than a char and no bigger than an int will return some garbage value (rather than raising RangeError).

To reproduce, compile and run:

#include <ruby.h>
#include <limits.h>

int main(int argc, char* argv[])
{
    ruby_init();
    
    VALUE y = INT2FIX(INT_MAX);
    char z = NUM2CHR(y);
    
    printf("%hhd\n", z);
    
    return ruby_cleanup(0);
}

Expected:
Segfault from uncaught RangeError.

Actual:
Prints -1

Files

num2chr-range-check-10453.patch (1.35 KB) num2chr-range-check-10453.patch

jeremyevans0 (Jeremy Evans), 08/12/2019 02:38 AM

Related issues 1 (0 open — 1 closed)

Actions

Copy link

Also available in: Atom PDF

Like0

Like0Like0Like0Like0Like0Like0Like0

Project

General

Profile

Ruby » Ruby master

Custom queries

Bug #10453

NUM2CHR() does not perform additional bounds checks

Updated by nobu (Nobuyoshi Nakada) about 10 years ago

Updated by silverhammermba (Max Anselm) about 10 years ago

Updated by naruse (Yui NARUSE) almost 7 years ago

Updated by jeremyevans0 (Jeremy Evans) over 5 years ago

Updated by nobu (Nobuyoshi Nakada) over 5 years ago

Updated by mame (Yusuke Endoh) almost 5 years ago

Updated by mame (Yusuke Endoh) almost 5 years ago