diff options
Diffstat (limited to 'spec/ruby/security/cve_2018_8778_spec.rb')
| -rw-r--r-- | spec/ruby/security/cve_2018_8778_spec.rb | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/spec/ruby/security/cve_2018_8778_spec.rb b/spec/ruby/security/cve_2018_8778_spec.rb new file mode 100644 index 0000000000..bbdaac734c --- /dev/null +++ b/spec/ruby/security/cve_2018_8778_spec.rb @@ -0,0 +1,10 @@ +require_relative '../spec_helper' + +describe "String#unpack" do + it "resists CVE-2018-8778 by raising an exception when a position indicator is larger than a native integer" do + pos = (1 << PlatformGuard::POINTER_SIZE) - 99 + -> { + "0123456789".unpack("@#{pos}C10") + }.should.raise(RangeError, /pack length too big/) + end +end |