4 files changed, 12 insertions, 1 deletions

diff --git a/ChangeLog b/ChangeLog
index c97aa00434..974d4aa5f9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+Sun Jul 19 17:32:37 2009  Nobuyoshi Nakada  <nobu@ruby-lang.org>
+
+	* io.c (io_read): should taint the result.   [ruby-dev:38826]
+
 Sat Jul 18 23:44:59 2009  NARUSE, Yui  <naruse@ruby-lang.org>
 
 	* re.c (reg_enc_error): use rb_enc_get to get the encoding of
diff --git a/io.c b/io.c
index e38d73acd0..48a6392128 100644
--- a/io.c
+++ b/io.c
@@ -1998,6 +1998,7 @@ io_read(int argc, VALUE *argv, VALUE io)
         return Qnil;
     }
     rb_str_resize(str, n);
+    OBJ_TAINT(str);
 
     return str;
 }
diff --git a/test/ruby/test_io.rb b/test/ruby/test_io.rb
index 776cf34147..04c0b55533 100644
--- a/test/ruby/test_io.rb
+++ b/test/ruby/test_io.rb
@@ -1368,4 +1368,10 @@ class TestIO < Test::Unit::TestCase
       }
     }
   end
+
+  def test_tainted
+    t = make_tempfile
+    assert(File.read(t.path, 4).tainted?, '[ruby-dev:38826]')
+    assert(File.open(t.path) {|f| f.read(4)}.tainted?, '[ruby-dev:38826]')
+  end
 end
diff --git a/version.h b/version.h
index 08c8212e68..59540f3536 100644
--- a/version.h
+++ b/version.h
@@ -1,5 +1,5 @@
 #define RUBY_VERSION "1.9.1"
-#define RUBY_PATCHLEVEL 247
+#define RUBY_PATCHLEVEL 248
 #define RUBY_VERSION_MAJOR 1
 #define RUBY_VERSION_MINOR 9
 #define RUBY_VERSION_TEENY 1