From: matz@... Date: 2014-02-08T13:05:30+00:00 Subject: [ruby-core:60578] [ruby-trunk - Bug #8945] Unmarshaling an Array containing a Bignum from a tainted String returns a frozen, tainted Bignum Issue #8945 has been updated by Yukihiro Matsumoto. Agreed. It should be consistent here. Matz. ---------------------------------------- Bug #8945: Unmarshaling an Array containing a Bignum from a tainted String returns a frozen, tainted Bignum https://bugs.ruby-lang.org/issues/8945#change-45025 * Author: Brian Shirai * Status: Assigned * Priority: Normal * Assignee: Yukihiro Matsumoto * Category: core * Target version: current: 2.2.0 * ruby -v: ruby 2.1.0dev (2013-09-24 trunk 43025) [x86_64-darwin13.0.0] * Backport: 1.9.3: UNKNOWN, 2.0.0: UNKNOWN ---------------------------------------- In 2.1, Symbol, Fixnum, Bignum, and Float (at least) have been changed to frozen by default. Consequently, calling #taint on an instance of those classes raises a RuntimeError because a frozen object cannot be modified to be tainted. However: sasha:rbx brian$ ruby -v ruby 2.1.0dev (2013-09-24 trunk 43025) [x86_64-darwin13.0.0] sasha:rbx brian$ irb irb(main):001:0> a = 0xffff_ffff_ffff_ffff => 18446744073709551615 irb(main):002:0> a.class => Bignum irb(main):003:0> a.frozen? => true irb(main):004:0> a.tainted? => false irb(main):005:0> str = Marshal.dump([a]).taint => "\x04\b[\x06l+\t\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF" irb(main):006:0> str.tainted? => true irb(main):007:0> aa = Marshal.load(str) => [18446744073709551615] irb(main):008:0> aa.first.class => Bignum irb(main):009:0> aa.first.frozen? => true irb(main):010:0> aa.first.tainted? => true irb(main):011:0> The behavior above is inconsistent with the results of performing the same operations on instances of Symbol, Fixnum, Float. For example: irb(main):014:0> :a.frozen? => true irb(main):015:0> :a.tainted? => false irb(main):016:0> str = Marshal.dump([:a]).taint => "\x04\b[\x06:\x06a" irb(main):017:0> aa = Marshal.load(str) => [:a] irb(main):018:0> aa.tainted? => true irb(main):019:0> aa.first.frozen? => true irb(main):020:0> aa.first.tainted? => false -- http://bugs.ruby-lang.org/