From: "trinistr (Alexander Bulancov) via ruby-core" Date: 2025-11-07T20:57:59+00:00 Subject: [ruby-core:123724] [Ruby Bug#21672] `IO::Buffer.new` does not check that flags are valid Issue #21672 has been reported by trinistr (Alexander Bulancov). ---------------------------------------- Bug #21672: `IO::Buffer.new` does not check that flags are valid https://bugs.ruby-lang.org/issues/21672 * Author: trinistr (Alexander Bulancov) * Status: Open * ruby -v: ruby 3.4.7 (2025-10-08 revision 7a5688e2a2) +PRISM [x86_64-linux] * Backport: 3.2: UNKNOWN, 3.3: UNKNOWN, 3.4: UNKNOWN ---------------------------------------- `IO::Buffer.new` has a `flags` argument that allows to override automatic decision between INTERNAL and MAPPED. As far as I understand, these modes are supposed to be exclusive, however in practice there is no check, and the user is free to specify both: ``` IO::Buffer.new(10, IO::Buffer::MAPPED|IO::Buffer::INTERNAL) # => # # # 0x00000000 00 00 00 00 00 00 00 00 00 00 .......... ``` >From the source code in https://github.com/ruby/ruby/blob/master/io_buffer.c#L204, the real mode seems to be INTERNAL. I imagine that the order of branches can be reversed with changes, suddenly changing behavior. Even worse, if at least one of `INTERNAL` or `MAPPED` is specified, flags are not checked at all, allowing complete nonsense: ``` IO::Buffer.new(10, 0xffffff) # # ``` `IO::Buffer.map` also exhibits this issue, though I'm unsure if this combination of flags is actually invalid (it at least doesn't get LOCKED): ``` IO::Buffer.map(File.open('README.md', 'r+'), nil, 0, 0xffffff) # # ``` -- https://bugs.ruby-lang.org/ ______________________________________________ ruby-core mailing list -- ruby-core@ml.ruby-lang.org To unsubscribe send an email to ruby-core-leave@ml.ruby-lang.org ruby-core info -- https://ml.ruby-lang.org/mailman3/lists/ruby-core.ml.ruby-lang.org/