merge revision(s) bc3ac1872e4523334e3ed04c2bb70a55c4c43f98: [Backport #19748]

[Bug #19748] Fix out-of-bound access in `String#byteindex` --- string.c | 17 +++++++---------- test/ruby/test_string.rb | 3 +++ 2 files changed, 10 insertions(+), 10 deletions(-)
author: nagachika <nagachika@ruby-lang.org> 2023-07-22 13:39:44 +0900
committer: nagachika <nagachika@ruby-lang.org> 2023-07-22 13:39:44 +0900
commit: 65d294ad019c8ac5bba12e2c9098360bacafc9e3 (patch)
tree: 519befb52f5470baade380c01f6d5a1e0a82f788
parent: 35cf3a5f8d01aad07762eb824c3107bee9ae7fdd (diff)
3 files changed, 11 insertions, 9 deletions
diff --git a/string.c b/string.c
index 95f023232a..b48c54adf9 100644
--- a/string.c
+++ b/string.c
@@ -4048,20 +4048,21 @@ rb_str_byteindex_m(int argc, VALUE *argv, VALUE str)
     long pos;
 
     if (rb_scan_args(argc, argv, "11", &sub, &initpos) == 2) {
+        long slen = RSTRING_LEN(str);
         pos = NUM2LONG(initpos);
-    }
-    else {
-        pos = 0;
-    }
-    if (pos < 0) {
-        pos += RSTRING_LEN(str);
         if (pos < 0) {
+            pos += slen;
+        }
+        if (pos < 0 || pos > slen) {
             if (RB_TYPE_P(sub, T_REGEXP)) {
                 rb_backref_set(Qnil);
             }
             return Qnil;
         }
     }
+    else {
+        pos = 0;
+    }
 
     if (!str_check_byte_pos(str, pos)) {
         rb_raise(rb_eIndexError,
@@ -4069,8 +4070,6 @@ rb_str_byteindex_m(int argc, VALUE *argv, VALUE str)
     }
 
     if (RB_TYPE_P(sub, T_REGEXP)) {
-        if (pos > RSTRING_LEN(str))
-            return Qnil;
         if (rb_reg_search(sub, str, pos, 0) < 0) {
             return Qnil;
         }
diff --git a/test/ruby/test_string.rb b/test/ruby/test_string.rb
index 615ede2234..7c685407d6 100644
--- a/test/ruby/test_string.rb
+++ b/test/ruby/test_string.rb
@@ -3376,6 +3376,9 @@ CODE
     assert_equal(6, S("にんにちは").byteindex(S("に"), 6))
     assert_equal(6, S("にんにちは").byteindex(/に./, 6))
     assert_raise(IndexError) { S("にんにちは").byteindex(?に, 7) }
+
+    s = S("foobarbarbaz")
+    assert !1000.times.any? {s.byteindex("", 100_000_000)}
   end
 
   def test_byterindex
diff --git a/version.h b/version.h
index d4d549e09b..ad425dedae 100644
--- a/version.h
+++ b/version.h
@@ -11,7 +11,7 @@
 # define RUBY_VERSION_MINOR RUBY_API_VERSION_MINOR
 #define RUBY_VERSION_TEENY 2
 #define RUBY_RELEASE_DATE RUBY_RELEASE_YEAR_STR"-"RUBY_RELEASE_MONTH_STR"-"RUBY_RELEASE_DAY_STR
-#define RUBY_PATCHLEVEL 101
+#define RUBY_PATCHLEVEL 102
 
 #include "ruby/version.h"
 #include "ruby/internal/abi.h"
author	nagachika <nagachika@ruby-lang.org>	2023-07-22 13:39:44 +0900
committer	nagachika <nagachika@ruby-lang.org>	2023-07-22 13:39:44 +0900
commit	65d294ad019c8ac5bba12e2c9098360bacafc9e3 (patch)
tree	519befb52f5470baade380c01f6d5a1e0a82f788
parent	35cf3a5f8d01aad07762eb824c3107bee9ae7fdd (diff)