[Bug #19754] Make `IO::Buffer#get_string` check `offset` range (#8016)

author: Nobuyoshi Nakada <nobu@ruby-lang.org> 2023-09-13 06:45:26 +0900
committer: GitHub <noreply@github.com> 2023-09-13 09:45:26 +1200
commit: 19346c2336053b351673da030b00c704138252d8 (patch)
tree: b61acd3bc34e00f1970028991b56dd346229b583
parent: 11c32e33ebe00e746579edc3f1358fdb4fe8cf85 (diff)
2 files changed, 11 insertions, 0 deletions
diff --git a/io_buffer.c b/io_buffer.c
index d987b8fa38..6b5d5ee714 100644
--- a/io_buffer.c
+++ b/io_buffer.c
@@ -1156,6 +1156,9 @@ VALUE rb_io_buffer_free_locked(VALUE self)
 static inline void
 io_buffer_validate_range(struct rb_io_buffer *buffer, size_t offset, size_t length)
 {
+    if (offset > buffer->size) {
+        rb_raise(rb_eArgError, "Specified offset exceeds buffer size!");
+    }
     if (offset + length > buffer->size) {
         rb_raise(rb_eArgError, "Specified offset+length exceeds buffer size!");
     }
diff --git a/test/ruby/test_io_buffer.rb b/test/ruby/test_io_buffer.rb
index 75ec4016fa..c3ab09f27e 100644
--- a/test/ruby/test_io_buffer.rb
+++ b/test/ruby/test_io_buffer.rb
@@ -251,6 +251,14 @@ class TestIOBuffer < Test::Unit::TestCase
 
     chunk = buffer.get_string(0, message.bytesize, Encoding::BINARY)
     assert_equal Encoding::BINARY, chunk.encoding
+
+    assert_raise_with_message(ArgumentError, /exceeds buffer size/) do
+      buffer.get_string(0, 129)
+    end
+
+    assert_raise_with_message(ArgumentError, /exceeds buffer size/) do
+      buffer.get_string(129)
+    end
   end
 
   # We check that values are correctly round tripped.
author	Nobuyoshi Nakada <nobu@ruby-lang.org>	2023-09-13 06:45:26 +0900
committer	GitHub <noreply@github.com>	2023-09-13 09:45:26 +1200
commit	19346c2336053b351673da030b00c704138252d8 (patch)
tree	b61acd3bc34e00f1970028991b56dd346229b583
parent	11c32e33ebe00e746579edc3f1358fdb4fe8cf85 (diff)