diff options
author | Nobuyoshi Nakada <nobu@ruby-lang.org> | 2023-09-13 06:45:26 +0900 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-09-13 09:45:26 +1200 |
commit | 19346c2336053b351673da030b00c704138252d8 (patch) | |
tree | b61acd3bc34e00f1970028991b56dd346229b583 | |
parent | 11c32e33ebe00e746579edc3f1358fdb4fe8cf85 (diff) |
[Bug #19754] Make `IO::Buffer#get_string` check `offset` range (#8016)
Notes
Notes:
Merged-By: ioquatix <samuel@codeotaku.com>
-rw-r--r-- | io_buffer.c | 3 | ||||
-rw-r--r-- | test/ruby/test_io_buffer.rb | 8 |
2 files changed, 11 insertions, 0 deletions
diff --git a/io_buffer.c b/io_buffer.c index d987b8fa38..6b5d5ee714 100644 --- a/io_buffer.c +++ b/io_buffer.c @@ -1156,6 +1156,9 @@ VALUE rb_io_buffer_free_locked(VALUE self) static inline void io_buffer_validate_range(struct rb_io_buffer *buffer, size_t offset, size_t length) { + if (offset > buffer->size) { + rb_raise(rb_eArgError, "Specified offset exceeds buffer size!"); + } if (offset + length > buffer->size) { rb_raise(rb_eArgError, "Specified offset+length exceeds buffer size!"); } diff --git a/test/ruby/test_io_buffer.rb b/test/ruby/test_io_buffer.rb index 75ec4016fa..c3ab09f27e 100644 --- a/test/ruby/test_io_buffer.rb +++ b/test/ruby/test_io_buffer.rb @@ -251,6 +251,14 @@ class TestIOBuffer < Test::Unit::TestCase chunk = buffer.get_string(0, message.bytesize, Encoding::BINARY) assert_equal Encoding::BINARY, chunk.encoding + + assert_raise_with_message(ArgumentError, /exceeds buffer size/) do + buffer.get_string(0, 129) + end + + assert_raise_with_message(ArgumentError, /exceeds buffer size/) do + buffer.get_string(129) + end end # We check that values are correctly round tripped. |