From 853ab8662f4cdde16f28ba775acf1be0725a25f4 Mon Sep 17 00:00:00 2001
From: nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Tue, 21 Mar 2017 03:15:56 +0000
Subject: stringio.c: check character code

* ext/stringio/stringio.c (strio_ungetc): check if the character
  code is valid in the encoding.  reported by Ahmad Sherif
  (ahmadsherif) at https://hackerone.com/reports/209593.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58040 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 ext/stringio/stringio.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'ext/stringio')

diff --git a/ext/stringio/stringio.c b/ext/stringio/stringio.c
index ba6512366a..d6833976af 100644
--- a/ext/stringio/stringio.c
+++ b/ext/stringio/stringio.c
@@ -767,12 +767,14 @@ strio_ungetc(VALUE self, VALUE c)
     check_modifiable(ptr);
     if (NIL_P(c)) return Qnil;
     if (FIXNUM_P(c)) {
-	int cc = FIX2INT(c);
+	int len, cc = FIX2INT(c);
 	char buf[16];
 
 	enc = rb_enc_get(ptr->string);
+	len = rb_enc_codelen(cc, enc);
+	if (len <= 0) rb_enc_uint_chr(cc, enc);
 	rb_enc_mbcput(cc, buf, enc);
-	return strio_unget_bytes(ptr, buf, rb_enc_codelen(cc, enc));
+	return strio_unget_bytes(ptr, buf, len);
     }
     else {
 	SafeStringValue(c);
-- 
cgit v1.2.3