From 7e811007e22fd8074200e7f302e14542043718a7 Mon Sep 17 00:00:00 2001
From: naruse <naruse@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Wed, 22 Mar 2017 05:54:22 +0000
Subject: merge revision(s) 58040,58041:

	stringio.c: check character code

	* ext/stringio/stringio.c (strio_ungetc): check if the character
	  code is valid in the encoding.  reported by Ahmad Sherif
	  (ahmadsherif) at https://hackerone.com/reports/209593.
	stringio.c: check range

	* ext/stringio/stringio.c (strio_ungetc): raise RangeError instead
	  of TypeError at too big value, as well as IO#ungetc.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@58052 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 ext/stringio/stringio.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'ext')

diff --git a/ext/stringio/stringio.c b/ext/stringio/stringio.c
index fb2eddaa7e..1e464bc9d1 100644
--- a/ext/stringio/stringio.c
+++ b/ext/stringio/stringio.c
@@ -767,13 +767,15 @@ strio_ungetc(VALUE self, VALUE c)
 
     check_modifiable(ptr);
     if (NIL_P(c)) return Qnil;
-    if (FIXNUM_P(c)) {
-	int cc = FIX2INT(c);
+    if (RB_INTEGER_TYPE_P(c)) {
+	int len, cc = NUM2INT(c);
 	char buf[16];
 
 	enc = rb_enc_get(ptr->string);
+	len = rb_enc_codelen(cc, enc);
+	if (len <= 0) rb_enc_uint_chr(cc, enc);
 	rb_enc_mbcput(cc, buf, enc);
-	return strio_unget_bytes(ptr, buf, rb_enc_codelen(cc, enc));
+	return strio_unget_bytes(ptr, buf, len);
     }
     else {
 	SafeStringValue(c);
-- 
cgit v1.2.3