Backport #2707

Denial of Service with Date>> operator for large numbers of n

Added by Zev Blut about 2 years ago. Updated 10 months ago.

[ruby-core:28011]
Status:Closed Start date:02/03/2010
Priority:Low Due date:
Assignee:Kirk Haines % Done:

100%
Category:-
Target version:-

Description

I am not sure this is a realistic issue, but my colleagues and I discovered a fun way to consume cpu for a long time.

For any n >= 1e16

ruby -v 
ruby 1.8.6 (2009-06-08 patchlevel 369) [i686-linux]

> require 'date'
> n = 1e16
> Date.today >> (n* 12)

On 1.9 this might not be a problem:
ruby -v
ruby 1.9.1p243 (2009-07-16 revision 24175) [i686-linux]

ruby-1.9.1-p243 > RUBY_VERSION
 => "1.9.1" 
ruby-1.9.1-p243 > require 'date'
 => true 
ruby-1.9.1-p243 > n = 1e16
 => 1.0e+16 
ruby-1.9.1-p243 > Date.today >> (n* 12)
NoMethodError: undefined method `+' for nil:NilClass
	from /home/zblut/.rvm/ruby-1.9.1-p243/lib/ruby/1.9.1/date.rb:620:in `_valid_civil?'
	from /home/zblut/.rvm/ruby-1.9.1-p243/lib/ruby/1.9.1/date.rb:1410:in `>>'
	from (irb):4
	from /home/zblut/.rvm/ruby-1.9.1-p243/bin/irb:15:in `<main>'
ruby-1.9.1-p243 > n = 1e15
 => 1.0e+15 
ruby-1.9.1-p243 > Date.today >> (n* 12)
 => #<Date: 1000000000002010-01-03 (730485000004910427/2,0,2299161)>

Associated revisions

Revision 27014
Added by tadf almost 2 years ago

* lib/date.rb (Date#>>): fixed. [ruby-core:28011]

Revision 28204
Added by shyouhei over 1 year ago

merge revision(s) 27014: * lib/date.rb (Date#>>): fixed. [ruby-core:28011]

Revision 28233
Added by wyhaines over 1 year ago

lib/date.rb: Backport #2707 [ruby-core:28011]; backport r27014 to fix problem with Date#>> and very small numbers.

History

#1
Updated by tadayoshi funaba almost 2 years ago

  • Status changed from Open to Closed
  • % Done changed from 0 to 100
This issue was solved with changeset r27014.
Zev, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.

#2
Updated by Shyouhei Urabe almost 2 years ago

  • Status changed from Closed to Assigned
  • Assignee set to Shyouhei Urabe

#3
Updated by Shyouhei Urabe over 1 year ago

  • Status changed from Assigned to Closed
This issue was solved with changeset r28204.
Zev, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.

#4
Updated by Shyouhei Urabe over 1 year ago

  • Status changed from Closed to Assigned
  • Assignee changed from Shyouhei Urabe to Kirk Haines
According to the reporter this issue affects 1.8.6.

#5
Updated by Kirk Haines over 1 year ago

  • Status changed from Assigned to Closed
This issue was solved with changeset r28233.
Zev, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.

Also available in: Atom PDF