Project

General

Profile

Bug #10453

NUM2CHR() does not perform additional bounds checks

Added by silverhammermba (Max Anselm) over 4 years ago. Updated over 1 year ago.

Status:
Assigned
Priority:
Normal
Target version:
-
ruby -v:
ruby 2.1.4p265 (2014-10-27 revision 48166) [x86_64-linux]
[ruby-core:66002]

Description

NUM2CHR() just calls rb_num2int_inline() and masks off the high bytes. Consequently, passing any value larger than a char and no bigger than an int will return some garbage value (rather than raising RangeError).

To reproduce, compile and run:

#include <ruby.h>
#include <limits.h>

int main(int argc, char* argv[])
{
    ruby_init();

    VALUE y = INT2FIX(INT_MAX);
    char z = NUM2CHR(y);

    printf("%hhd\n", z);

    return ruby_cleanup(0);
}

Expected:
Segfault from uncaught RangeError.

Actual:
Prints -1

History

Updated by nobu (Nobuyoshi Nakada) over 4 years ago

  • Description updated (diff)
  • Category set to core
  • Status changed from Open to Assigned
  • Assignee set to matz (Yukihiro Matsumoto)
  • Target version set to 2.2.0

NUM2CHR rather should never raise RangeError for any arguments?

Updated by silverhammermba (Max Anselm) over 4 years ago

I would expect it to raise RangeError if the num exceeds the size of a char. That is the behavior of the all of the other NUM2* macros.

#3

Updated by naruse (Yui NARUSE) over 1 year ago

  • Target version deleted (2.2.0)

Also available in: Atom PDF