From: mame@... Date: 2019-12-03T15:44:48+00:00 Subject: [ruby-core:96086] [Ruby master Bug#10453] NUM2CHR() does not perform additional bounds checks Issue #10453 has been updated by mame (Yusuke Endoh). Status changed from Assigned to Rejected See #15460. `String#setbyte` has accepted not only 0..255 but also any integers. Once it had been limited only to 0..255, but it caused a compatibility issue, and eventually was reverted. I don't think that this is a good idea in terms of compatibility, unless there is a special reason to make it strict. I tentatively close this because there is no response from OP. If we have a response, I'd be happy to reopen. ---------------------------------------- Bug #10453: NUM2CHR() does not perform additional bounds checks https://bugs.ruby-lang.org/issues/10453#change-82939 * Author: silverhammermba (Max Anselm) * Status: Rejected * Priority: Normal * Assignee: matz (Yukihiro Matsumoto) * Target version: * ruby -v: ruby 2.1.4p265 (2014-10-27 revision 48166) [x86_64-linux] * Backport: 2.0.0: UNKNOWN, 2.1: UNKNOWN ---------------------------------------- `NUM2CHR()` just calls `rb_num2int_inline()` and masks off the high bytes. Consequently, passing any value larger than a `char` and no bigger than an `int` will return some garbage value (rather than raising `RangeError`). To reproduce, compile and run: ~~~C #include #include int main(int argc, char* argv[]) { ruby_init(); VALUE y = INT2FIX(INT_MAX); char z = NUM2CHR(y); printf("%hhd\n", z); return ruby_cleanup(0); } ~~~ Expected: Segfault from uncaught `RangeError`. Actual: Prints -1 ---Files-------------------------------- num2chr-range-check-10453.patch (1.35 KB) -- https://bugs.ruby-lang.org/ Unsubscribe: