Bug #10453: NUM2CHR() does not perform additional bounds checks - Ruby master - Ruby Issue Tracking System

Actions

Copy link

Bug #10453

closed

NUM2CHR() does not perform additional bounds checks

Added by silverhammermba (Max Anselm) over 9 years ago. Updated over 4 years ago.

Status:

Rejected

Assignee:

matz (Yukihiro Matsumoto)

Target version:

ruby -v:

ruby 2.1.4p265 (2014-10-27 revision 48166) [x86_64-linux]

Backport:

2.0.0: UNKNOWN, 2.1: UNKNOWN

[ruby-core:66002]

Description

NUM2CHR() just calls rb_num2int_inline() and masks off the high bytes. Consequently, passing any value larger than a char and no bigger than an int will return some garbage value (rather than raising RangeError).

To reproduce, compile and run:

#include <ruby.h>
#include <limits.h>

int main(int argc, char* argv[])
{
    ruby_init();
    
    VALUE y = INT2FIX(INT_MAX);
    char z = NUM2CHR(y);
    
    printf("%hhd\n", z);
    
    return ruby_cleanup(0);
}

Expected:
Segfault from uncaught RangeError.

Actual:
Prints -1

Files

num2chr-range-check-10453.patch (1.35 KB) num2chr-range-check-10453.patch

jeremyevans0 (Jeremy Evans), 08/12/2019 02:38 AM

Related issues 1 (0 open — 1 closed)

Actions

Copy link

Also available in: Atom PDF

Like0

Like0Like0Like0Like0Like0Like0Like0

Project

General

Profile

Ruby » Ruby master

Custom queries

Bug #10453

NUM2CHR() does not perform additional bounds checks

Updated by nobu (Nobuyoshi Nakada) over 9 years ago

Updated by silverhammermba (Max Anselm) over 9 years ago

Updated by naruse (Yui NARUSE) over 6 years ago

Updated by jeremyevans0 (Jeremy Evans) over 4 years ago

Updated by nobu (Nobuyoshi Nakada) over 4 years ago

Updated by mame (Yusuke Endoh) over 4 years ago

Updated by mame (Yusuke Endoh) over 4 years ago