From: nobu@...
Date: 2014-10-31T15:12:49+00:00
Subject: [ruby-core:66036] [ruby-trunk - Bug #10453] [Assigned] NUM2CHR() does not perform additional bounds checks

Issue #10453 has been updated by Nobuyoshi Nakada.

Description updated
Category set to core
Status changed from Open to Assigned
Assignee set to Yukihiro Matsumoto
Target version set to current: 2.2.0

`NUM2CHR` rather should never raise `RangeError` for any arguments?

----------------------------------------
Bug #10453: NUM2CHR() does not perform additional bounds checks
https://bugs.ruby-lang.org/issues/10453#change-49755

* Author: Max Anselm
* Status: Assigned
* Priority: Normal
* Assignee: Yukihiro Matsumoto
* Category: core
* Target version: current: 2.2.0
* ruby -v: ruby 2.1.4p265 (2014-10-27 revision 48166) [x86_64-linux]
* Backport: 2.0.0: UNKNOWN, 2.1: UNKNOWN
----------------------------------------
`NUM2CHR()` just calls `rb_num2int_inline()` and masks off the high bytes. Consequently, passing any value larger than a `char` and no bigger than an `int` will return some garbage value (rather than raising `RangeError`).

To reproduce, compile and run:

~~~C
#include <ruby.h>
#include <limits.h>

int main(int argc, char* argv[])
{
    ruby_init();
    
    VALUE y = INT2FIX(INT_MAX);
    char z = NUM2CHR(y);
    
    printf("%hhd\n", z);
    
    return ruby_cleanup(0);
}
~~~

Expected:
Segfault from uncaught `RangeError`.

Actual:
Prints -1



-- 
https://bugs.ruby-lang.org/