Project

General

Profile

Actions
Copy link

Bug #10453

closed

NUM2CHR() does not perform additional bounds checks

Bug #10453: NUM2CHR() does not perform additional bounds checks

Added by silverhammermba (Max Anselm) about 11 years ago. Updated almost 6 years ago.

Status:
Rejected
Assignee:
matz (Yukihiro Matsumoto)
Target version:
-
ruby -v:
ruby 2.1.4p265 (2014-10-27 revision 48166) [x86_64-linux]
Backport:
2.0.0: UNKNOWN, 2.1: UNKNOWN
[ruby-core:66002]

Description

NUM2CHR() just calls rb_num2int_inline() and masks off the high bytes. Consequently, passing any value larger than a char and no bigger than an int will return some garbage value (rather than raising RangeError).

To reproduce, compile and run:

#include <ruby.h>
#include <limits.h>

int main(int argc, char* argv[])
{
    ruby_init();
    
    VALUE y = INT2FIX(INT_MAX);
    char z = NUM2CHR(y);
    
    printf("%hhd\n", z);
    
    return ruby_cleanup(0);
}

Expected:
Segfault from uncaught RangeError.

Actual:
Prints -1

Files

num2chr-range-check-10453.patch (1.35 KB) num2chr-range-check-10453.patch jeremyevans0 (Jeremy Evans), 08/12/2019 02:38 AM

Related issues 1 (0 open1 closed)

Related to Ruby - Bug #15460: Behaviour of String#setbyte changedClosedshyouhei (Shyouhei Urabe)Actions
Actions
Copy link

Also available in: PDF Atom