Project

General

Profile

Actions

Bug #11192

closed

capture group special variable with large index invokes UB

Added by cremno (cremno phobia) almost 9 years ago. Updated over 8 years ago.

Status:
Closed
Assignee:
-
Target version:
-
[ruby-core:69393]

Description

$ ruby --dump=parsetree -e "$9999999999"
###########################################################
## Do NOT use this node dump for any purpose other than  ##
## debug and research.  Compatibility is not guaranteed. ##
###########################################################

# @ NODE_SCOPE (line: 1)
# +- nd_tbl: (empty)
# +- nd_args:
# |   (null node)
# +- nd_body:
#     @ NODE_NTH_REF (line: 1)
#     +- nd_nth: $1410065407

The culprit is this line in parse.y which contains a call to atoi().

A simple, non-intrusive fix could be calling a function with well-defined behavior when the resulting value can't be represented instead (such as strtoul()) and of course also adding a range check. But perhaps a syntax error is undesired here.


Related issues 1 (0 open1 closed)

Has duplicate Ruby master - Bug #11557: Capturing LimitsClosedActions
Actions

Also available in: Atom PDF

Like0
Like0Like0Like0Like0Like0Like0Like0