diff options
| author | nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2017-03-27 15:35:54 +0000 |
|---|---|---|
| committer | nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2017-03-27 15:35:54 +0000 |
| commit | 5194682b72d88304b29e7d083e582b2fc8d36073 (patch) | |
| tree | 4c6e5d818a68df5842268cfbccf0792eab04e1a0 | |
| parent | 18e641dc13a169c4dcc0ca9dbed9f46cb9f248fc (diff) | |
merge revision(s) 58040,58041: [Backport #13353]
stringio.c: check character code
* ext/stringio/stringio.c (strio_ungetc): check if the character
code is valid in the encoding. reported by Ahmad Sherif
(ahmadsherif) at https://hackerone.com/reports/209593.
stringio.c: check range
* ext/stringio/stringio.c (strio_ungetc): raise RangeError instead
of TypeError at too big value, as well as IO#ungetc.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@58160 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| -rw-r--r-- | ext/stringio/stringio.c | 8 | ||||
| -rw-r--r-- | test/stringio/test_stringio.rb | 3 | ||||
| -rw-r--r-- | version.h | 2 |
3 files changed, 9 insertions, 4 deletions
diff --git a/ext/stringio/stringio.c b/ext/stringio/stringio.c index bd83ea207b..3e9821527c 100644 --- a/ext/stringio/stringio.c +++ b/ext/stringio/stringio.c @@ -741,13 +741,15 @@ strio_ungetc(VALUE self, VALUE c) check_modifiable(ptr); if (NIL_P(c)) return Qnil; - if (FIXNUM_P(c)) { - int cc = FIX2INT(c); + if (RB_INTEGER_TYPE_P(c)) { + int len, cc = NUM2INT(c); char buf[16]; enc = rb_enc_get(ptr->string); + len = rb_enc_codelen(cc, enc); + if (len <= 0) rb_enc_uint_chr(cc, enc); rb_enc_mbcput(cc, buf, enc); - return strio_unget_bytes(ptr, buf, rb_enc_codelen(cc, enc)); + return strio_unget_bytes(ptr, buf, len); } else { SafeStringValue(c); diff --git a/test/stringio/test_stringio.rb b/test/stringio/test_stringio.rb index 05a733c88b..1861ab2329 100644 --- a/test/stringio/test_stringio.rb +++ b/test/stringio/test_stringio.rb @@ -390,6 +390,9 @@ class TestStringIO < Test::Unit::TestCase f.ungetc("y".ord) assert_equal("y", f.getc) assert_equal("2", f.getc) + + assert_raise(RangeError) {f.ungetc(0x1ffffff)} + assert_raise(RangeError) {f.ungetc(0xffffffffffffff)} ensure f.close unless f.closed? end @@ -1,6 +1,6 @@ #define RUBY_VERSION "2.3.3" #define RUBY_RELEASE_DATE "2017-03-28" -#define RUBY_PATCHLEVEL 269 +#define RUBY_PATCHLEVEL 270 #define RUBY_RELEASE_YEAR 2017 #define RUBY_RELEASE_MONTH 3 |