Ensure safe handling of `IO::Buffer#hexdump` width. (#16593)

author: Samuel Williams <samuel.williams@oriontransfer.co.nz> 2026-03-29 18:57:51 +1300
committer: GitHub <noreply@github.com> 2026-03-29 18:57:51 +1300
commit: f9175a9e5f55400ab536a64764f141564674c7ad (patch)
tree: e3fa58e852dc4bd998bf0e986793c1300031bd13 /io_buffer.c
parent: 843bb9b7f6e8b0179edaca50ed7cf2216f83759c (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/io_buffer.c b/io_buffer.c
index cb35141f47..3c7b3eb16a 100644
--- a/io_buffer.c
+++ b/io_buffer.c
@@ -39,6 +39,7 @@ size_t RUBY_IO_BUFFER_DEFAULT_SIZE;
 
 enum {
     RB_IO_BUFFER_HEXDUMP_DEFAULT_WIDTH = 16,
+    RB_IO_BUFFER_HEXDUMP_MAXIMUM_WIDTH = 1024,
 
     RB_IO_BUFFER_INSPECT_HEXDUMP_MAXIMUM_SIZE = 256,
     RB_IO_BUFFER_INSPECT_HEXDUMP_WIDTH = 16,
@@ -384,7 +385,7 @@ io_buffer_extract_size(VALUE argument)
 }
 
 // Extract a width argument, which must be a non-negative integer, and must be
-// at least the given minimum.
+// at least the given minimum and at most RB_IO_BUFFER_HEXDUMP_MAXIMUM_WIDTH.
 static inline size_t
 io_buffer_extract_width(VALUE argument, size_t minimum)
 {
@@ -398,6 +399,10 @@ io_buffer_extract_width(VALUE argument, size_t minimum)
         rb_raise(rb_eArgError, "Width must be at least %" PRIuSIZE "!", minimum);
     }
 
+    if (width > RB_IO_BUFFER_HEXDUMP_MAXIMUM_WIDTH) {
+        rb_raise(rb_eArgError, "Width must be at most %" PRIuSIZE "!", (size_t)RB_IO_BUFFER_HEXDUMP_MAXIMUM_WIDTH);
+    }
+
     return width;
 }
author	Samuel Williams <samuel.williams@oriontransfer.co.nz>	2026-03-29 18:57:51 +1300
committer	GitHub <noreply@github.com>	2026-03-29 18:57:51 +1300
commit	f9175a9e5f55400ab536a64764f141564674c7ad (patch)
tree	e3fa58e852dc4bd998bf0e986793c1300031bd13 /io_buffer.c
parent	843bb9b7f6e8b0179edaca50ed7cf2216f83759c (diff)