From: nobu@...
Date: 2019-08-12T04:48:59+00:00
Subject: [ruby-core:94301] [Ruby master Bug#10453] NUM2CHR() does not perform additional bounds checks

Issue #10453 has been updated by nobu (Nobuyoshi Nakada).

As `CHR` should stand for the `char` type of C, exceeding the limit of `char` will cause confusion, I guess.

I'm curious for what purpose @silverhammermba needs the range check.
If it is to get a codepoint, I don't think extracting the first byte from a string argument is reasonable.

----------------------------------------
Bug #10453: NUM2CHR() does not perform additional bounds checks
https://bugs.ruby-lang.org/issues/10453#change-80649

* Author: silverhammermba (Max Anselm)
* Status: Assigned
* Priority: Normal
* Assignee: matz (Yukihiro Matsumoto)
* Target version:
* ruby -v: ruby 2.1.4p265 (2014-10-27 revision 48166) [x86_64-linux]
* Backport: 2.0.0: UNKNOWN, 2.1: UNKNOWN
----------------------------------------
`NUM2CHR()` just calls `rb_num2int_inline()` and masks off the high bytes. Consequently, passing any value larger than a `char` and no bigger than an `int` will return some garbage value (rather than raising `RangeError`).

To reproduce, compile and run:

~~~C
#include <ruby.h>
#include <limits.h>  /* INT_MAX */
#include <stdio.h>   /* printf */

int main(int argc, char* argv[])
{
    ruby_init();
    VALUE y = INT2FIX(INT_MAX);  /* far outside the range of char */
    char z = NUM2CHR(y);         /* low byte is kept, no RangeError */
    printf("%hhd\n", z);
    return ruby_cleanup(0);
}
~~~

Expected: Segfault from uncaught `RangeError`.

Actual: Prints -1

---Files--------------------------------
num2chr-range-check-10453.patch (1.35 KB)

--
https://bugs.ruby-lang.org/

Unsubscribe:
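
The truncation described in the report, modelled without the Ruby headers so it builds anywhere. This is an added example, not code from the issue or from the attached patch: `num2chr_masked` mirrors the mask-the-low-byte behaviour, `num2chr_checked` is a hypothetical checked variant, and the accepted range `SCHAR_MIN..UCHAR_MAX` and the sample values are assumptions.

```c
#include <limits.h>
#include <stdio.h>

/* Model of the behaviour the report describes: keep only the low byte
 * of the integer. Every input "succeeds", so 0x141 silently becomes 'A'. */
static char num2chr_masked(long v)
{
    return (char)(v & 0xff);
}

/* Hypothetical checked variant (not Ruby's API). Returns 0 and stores the
 * byte when v fits in a signed or unsigned char, -1 otherwise, which is
 * where a C extension would raise RangeError.
 * Assumption: the accepted range is SCHAR_MIN..UCHAR_MAX. */
static int num2chr_checked(long v, char *out)
{
    if (v < SCHAR_MIN || v > UCHAR_MAX)
        return -1;
    *out = (char)(unsigned char)v;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs: two in range, four out of range. */
    const long samples[] = { 65, 255, 256, 0x141, INT_MAX, -129 };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char c = 0;
        int rc = num2chr_checked(samples[i], &c);
        printf("%11ld  masked=%4d  checked=%s\n", samples[i],
               (int)num2chr_masked(samples[i]),
               rc == 0 ? "ok" : "out of range");
    }
    return 0;
}
```

The masked column shows out-of-range inputs aliasing onto valid-looking bytes, which is why a length or index derived from such a value needs the range test before the narrowing conversion.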