[ruby-core:53197] [ruby-trunk - Feature #7791] Let symbols be garbage collected
From: "jeremyevans0 (Jeremy Evans)" <merch-redmine@...>
Date: 2013-03-07 17:02:06 UTC
List: ruby-core #53197

Issue #7791 has been updated by jeremyevans0 (Jeremy Evans).

rosenfeld (Rodrigo Rosenfeld Rosas) wrote:
> Jeremy, I don't understand how #to_existing_sym could avoid the issue. Take your gem "sequel" for instance. In my application there is a class that will generate dynamic queries based on the user params. Sequel will always convert those dynamic column aliases (like "v786") to symbols. Those symbols won't exist when the application boots. If Sequel used #to_existing_sym for creating the symbol it would raise since that symbol wouldn't exist.

I wouldn't use #to_existing_sym for identifiers returned from databases. It is assumed that there is a fixed number that will be used, and allowing user-controlled identifiers can be a security issue. If your identifiers are based on user params, and you aren't validating them, you currently have denial of service at the least and possible SQL injection depending on the adapter in use.

There are other cases in Sequel where #to_existing_sym might make sense to use, though (connection string options, JSON/XML deserialization).

----------------------------------------
Feature #7791: Let symbols be garbage collected
https://bugs.ruby-lang.org/issues/7791#change-37365

Author: rosenfeld (Rodrigo Rosenfeld Rosas)
Status: Feedback
Priority: Normal
Assignee: matz (Yukihiro Matsumoto)
Category: core
Target version: next minor

Lots of Denial-of-Service security vulnerabilities exploited in Ruby programs rely on symbols not being collected by the garbage collector.

Ideally I'd prefer symbols and strings to behave exactly the same, being just alternate ways of writing strings, but I'll leave this to another ticket.

This one simply asks for symbols to be allowed to be garbage collected when low on memory. Maybe one could set up some up-limit memory constraints dedicated to storing symbols. That way, the most accessed symbols would remain in that memory region and the least used ones would be reclaimed when the memory for symbols is over and a new symbol is created.

Or you could just allow symbols to be garbage collected any time. Any reasons why this would be a bad idea? Any performance benchmark demonstrating how using symbols instead of strings would make a real-world software perform much better?

Currently I only see symbols slowing down processing because people don't want to worry about it and will often use something like ActiveSupport Hash#with_indifferent_access or some other method to convert a string to symbol or vice versa...

--
http://bugs.ruby-lang.org/
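
Added example (not part of the original message, and not Sequel's code): one way to validate user-supplied identifiers as the reply above recommends, resolving them through a String-keyed allowlist so that untrusted input is never converted to a Symbol. The allowlist contents and the helper names (resolve_alias, partition_aliases, symbol_interned?) are assumptions made for illustration.

```ruby
# Constructed allowlist: the only column aliases this hypothetical app exposes.
# Keys are Strings, so looking up user input never interns a new Symbol; the
# Symbol values already exist because they are literals in this source file.
ALLOWED_ALIASES = {
  "id"         => :id,
  "name"       => :name,
  "created_at" => :created_at
}.freeze

class UnknownIdentifier < ArgumentError; end

# Return the pre-existing Symbol for an allowlisted alias, or raise.
# No to_sym / intern call is ever made on the untrusted value.
def resolve_alias(param)
  ALLOWED_ALIASES.fetch(param.to_s) do
    raise UnknownIdentifier, "identifier not in allowlist"
  end
end

# Resolve a batch of request parameters, keeping rejected values as Strings
# so they can be logged or reported without being symbolized.
def partition_aliases(params)
  accepted = []
  rejected = []
  params.each do |param|
    begin
      accepted << resolve_alias(param)
    rescue UnknownIdentifier
      rejected << param
    end
  end
  [accepted, rejected]
end

# True if a Symbol with this name currently exists in the symbol table.
# Compares by String so the check itself does not create the Symbol.
def symbol_interned?(name)
  Symbol.all_symbols.any? { |sym| sym.to_s == name }
end
```

Rejected values stay ordinary Strings, so they remain collectable and never reach the query builder as identifiers.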