From: "k0kubun (Takashi Kokubun) via ruby-core" Date: 2025-01-15T01:39:48+00:00 Subject: [ruby-core:120675] [Ruby master Bug#20787] IO#readline does not check its arguments like IO#gets and will read more data than limit Issue #20787 has been updated by k0kubun (Takashi Kokubun). Backport changed from 3.1: DONTNEED, 3.2: DONTNEED, 3.3: REQUIRED to 3.1: DONTNEED, 3.2: DONTNEED, 3.3: DONE ruby_3_3 commit:233014639793cb6c8650a9b17d37bc09c662d430 merged revision(s) commit:773d140f65c1c8b726e107915bc003c186f38677. ---------------------------------------- Bug #20787: IO#readline does not check its arguments like IO#gets and will read more data than limit https://bugs.ruby-lang.org/issues/20787#change-111498 * Author: javanthropus (Jeremy Bopp) * Status: Closed * ruby -v: ruby 3.3.4 (2024-07-09 revision be1089c8ec) [x86_64-linux] * Backport: 3.1: DONTNEED, 3.2: DONTNEED, 3.3: DONE ---------------------------------------- In revision commit:d3574c117a637a4456aa3ee78e24d8df510b9355, the implementation of IO#readline was modified and consequently broke argument handling in a subtle way. It no longer checks that the encoding of the separator string is compatible with the internal encoding of the stream. Prior to version 3.3.0, the following script raises an ArgumentError when calling #readline: ```ruby require "tempfile" Tempfile.open(encoding: "utf-8:utf-32le") { |f| f.write("0123456789"); f.rewind; f.readline("\0", 1); } ``` After 3.3.0, the script will read all the data in the file, in this case 40 bytes, even though the limit argument is 1. Replacing #readline with #gets raises the ArgumentError in all versions. I'm fairly sure that the failure to check the separator string encoding leads to the incorrect handling of the limit argument. -- https://bugs.ruby-lang.org/ ______________________________________________ ruby-core mailing list -- ruby-core@ml.ruby-lang.org To unsubscribe send an email to ruby-core-leave@ml.ruby-lang.org ruby-core info -- https://ml.ruby-lang.org/mailman3/lists/ruby-core.ml.ruby-lang.org/