From: "javanthropus (Jeremy Bopp) via ruby-core"
Date: 2024-10-06T18:53:35+00:00
Subject: [ruby-core:119470] [Ruby master Bug#20787] IO#readline does not check its arguments like IO#gets and will read more data than limit

Issue #20787 has been reported by javanthropus (Jeremy Bopp).

----------------------------------------
Bug #20787: IO#readline does not check its arguments like IO#gets and will read more data than limit
https://bugs.ruby-lang.org/issues/20787

* Author: javanthropus (Jeremy Bopp)
* Status: Open
* ruby -v: ruby 3.3.4 (2024-07-09 revision be1089c8ec) [x86_64-linux]
* Backport: 3.1: UNKNOWN, 3.2: UNKNOWN, 3.3: UNKNOWN
----------------------------------------
In revision d3574c117a637a4456aa3ee78e24d8df510b9355, the implementation of IO#readline was modified and consequently broke argument handling in a subtle way. It no longer checks that the encoding of the separator string is compatible with the internal encoding of the stream. Prior to version 3.3.0, the following script raises an ArgumentError when calling #readline:

```ruby
require "tempfile"

Tempfile.open(encoding: "utf-8:utf-32le") { |f|
  f.write("0123456789")
  f.rewind
  f.readline("\0", 1)
}
```

After 3.3.0, the script will read all the data in the file, in this case 40 bytes, even though the limit argument is 1. Replacing #readline with #gets raises the ArgumentError in all versions.

I'm fairly sure that the failure to check the separator string encoding leads to the incorrect handling of the limit argument.

-- 
https://bugs.ruby-lang.org/
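
A version probe and a bounded-read helper for the behaviour reported above, as an added example that is not part of the original message or of Ruby's own code. `probe` and `checked_readline` are hypothetical names, and the payload is the report's constructed 10-character string.

```ruby
require "tempfile"

# Added example; probe and checked_readline are hypothetical names.
# Runs the report's scenario (constructed 10-character payload, UTF-8 external /
# UTF-32LE internal encoding) and classifies what the given read method does.
def probe(method_name, limit = 1)
  result = nil
  Tempfile.open(encoding: "utf-8:utf-32le") do |f|
    f.write("0123456789")
    f.rewind
    begin
      line = f.public_send(method_name, "\0", limit)
      size = line ? line.bytesize : 0
      result = [size > limit ? :over_limit : :within_limit, size]
    rescue ArgumentError
      result = [:argument_error, 0] # separator encoding was rejected
    end
  end
  result
end

# readline semantics (EOFError at end of stream) built on IO#gets, which the
# report says rejects an incompatible separator in every version.
def checked_readline(io, sep, limit)
  line = io.gets(sep, limit)
  raise EOFError, "end of file reached" if line.nil?
  line
end

if __FILE__ == $PROGRAM_NAME
  puts "#{RUBY_VERSION} readline: #{probe(:readline).inspect}"
  puts "#{RUBY_VERSION} gets:     #{probe(:gets).inspect}"
end
```

On an interpreter with the reported behaviour, `probe(:readline)` returns `[:over_limit, 40]`, while `checked_readline` still raises the ArgumentError.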