Bug #11192

capture group special variable with large index invokes UB

Added by cremno (cremno phobia) about 4 years ago. Updated almost 4 years ago.

Status: Closed
Priority: Normal
Assignee: -
Target version: -
[ruby-core:69393]

Description

$ ruby --dump=parsetree -e "$9999999999"
###########################################################
## Do NOT use this node dump for any purpose other than  ##
## debug and research.  Compatibility is not guaranteed. ##
###########################################################

# @ NODE_SCOPE (line: 1)
# +- nd_tbl: (empty)
# +- nd_args:
# |   (null node)
# +- nd_body:
#     @ NODE_NTH_REF (line: 1)
#     +- nd_nth: $1410065407

The culprit is this line in parse.y which contains a call to atoi().

A simple, non-intrusive fix could be calling a function with well-defined behavior when the resulting value can't be represented instead (such as strtoul()) and of course also adding a range check. But perhaps a syntax error is undesired here.
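
The approach suggested above (a conversion that cannot overflow, plus a range check), as an added C example; it is not the code from parse.y or from the committed fix. `parse_nth_ref`, `wrapped_u32` and the `NTH_REF_LIMIT` bound are hypothetical names and values chosen for illustration; the second function shows that the dumped 1410065407 equals 9999999999 reduced modulo 2^32.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed upper bound for this example only; not taken from parse.y. */
#define NTH_REF_LIMIT (INT_MAX / 2)

enum nth_status { NTH_OK, NTH_EMPTY, NTH_NOT_DIGIT, NTH_OUT_OF_RANGE };

/* Parse `len` bytes of decimal digits (the text after '$') without relying
 * on NUL termination. The bound is tested before each multiply-add, so the
 * signed arithmetic can never overflow. *out is written only on NTH_OK. */
static enum nth_status parse_nth_ref(const char *s, size_t len, int *out)
{
    int n = 0;
    if (len == 0) return NTH_EMPTY;
    for (size_t i = 0; i < len; i++) {
        if (s[i] < '0' || s[i] > '9') return NTH_NOT_DIGIT;
        int d = s[i] - '0';
        if (n > (NTH_REF_LIMIT - d) / 10) return NTH_OUT_OF_RANGE;
        n = n * 10 + d;
    }
    *out = n;
    return NTH_OK;
}

/* The same digits accumulated in unsigned 32-bit arithmetic, which wraps
 * modulo 2^32 with defined behavior. Caller must pass digits only. */
static uint32_t wrapped_u32(const char *s, size_t len)
{
    uint32_t n = 0;
    for (size_t i = 0; i < len; i++)
        n = n * 10u + (uint32_t)(s[i] - '0');
    return n;
}

int main(void)
{
    const char *big = "9999999999";  /* digits from the report's $9999999999 */
    int v = -1;
    enum nth_status st = parse_nth_ref(big, 10, &v);
    printf("wrapped: %u\n", (unsigned)wrapped_u32(big, 10));
    printf("checked: status=%d (NTH_OUT_OF_RANGE=%d)\n", st, NTH_OUT_OF_RANGE);
    st = parse_nth_ref("12", 2, &v);
    printf("$12:     status=%d value=%d\n", st, v);
    return 0;
}
```
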


Related issues

Has duplicate Ruby trunk - Bug #11557: Capturing Limits (Closed)

Associated revisions

Revision 238394e7
Added by nobu (Nobuyoshi Nakada) about 4 years ago

parse.y: check NTH_REF range

  • compile.c (iseq_compile_each): out of range NTH_REF is always nil.
  • parse.y (parse_numvar): check overflow of NTH_REF and range. [ruby-core:69393] [Bug #11192]
  • util.c (ruby_scan_digits): make public and add length parameter.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@50671 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

Revision 50671
Added by nobu (Nobuyoshi Nakada) about 4 years ago

parse.y: check NTH_REF range

  • compile.c (iseq_compile_each): out of range NTH_REF is always nil.
  • parse.y (parse_numvar): check overflow of NTH_REF and range. [ruby-core:69393] [Bug #11192]
  • util.c (ruby_scan_digits): make public and add length parameter.

Revision bf571987
Added by usa (Usaku NAKAMURA) almost 4 years ago

merge revision(s) 50671: [Backport #11192]

    * compile.c (iseq_compile_each): out of range NTH_REF is always
      nil.

    * parse.y (parse_numvar): check overflow of NTH_REF and range.
      [ruby-core:69393] [Bug #11192]

    * util.c (ruby_scan_digits): make public and add length parameter.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_1@51122 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

Revision 51122
Added by usa (Usaku NAKAMURA) almost 4 years ago

merge revision(s) 50671: [Backport #11192]

* compile.c (iseq_compile_each): out of range NTH_REF is always
  nil.

* parse.y (parse_numvar): check overflow of NTH_REF and range.
  [ruby-core:69393] [Bug #11192]

* util.c (ruby_scan_digits): make public and add length parameter.

Revision 72fa2ec3
Added by nagachika (Tomoyuki Chikanaga) almost 4 years ago

merge revision(s) 50671: [Backport #11192]

    * compile.c (iseq_compile_each): out of range NTH_REF is always
      nil.

    * parse.y (parse_numvar): check overflow of NTH_REF and range.
      [ruby-core:69393] [Bug #11192]

    * util.c (ruby_scan_digits): make public and add length parameter.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@51134 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

Revision 51134
Added by nagachika (Tomoyuki Chikanaga) almost 4 years ago

merge revision(s) 50671: [Backport #11192]

* compile.c (iseq_compile_each): out of range NTH_REF is always
  nil.

* parse.y (parse_numvar): check overflow of NTH_REF and range.
  [ruby-core:69393] [Bug #11192]

* util.c (ruby_scan_digits): make public and add length parameter.

History

#1

Updated by nobu (Nobuyoshi Nakada) about 4 years ago

  • Status changed from Open to Closed

Applied in changeset r50671.


parse.y: check NTH_REF range

  • compile.c (iseq_compile_each): out of range NTH_REF is always nil.
  • parse.y (parse_numvar): check overflow of NTH_REF and range. [ruby-core:69393] [Bug #11192]
  • util.c (ruby_scan_digits): make public and add length parameter.

Updated by usa (Usaku NAKAMURA) almost 4 years ago

  • Backport changed from 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN to 2.0.0: WONTFIX, 2.1: REQUIRED, 2.2: REQUIRED

Updated by usa (Usaku NAKAMURA) almost 4 years ago

  • Backport changed from 2.0.0: WONTFIX, 2.1: REQUIRED, 2.2: REQUIRED to 2.0.0: WONTFIX, 2.1: DONE, 2.2: REQUIRED

ruby_2_1 r51122 merged revision(s) 50671.

Updated by nagachika (Tomoyuki Chikanaga) almost 4 years ago

  • Backport changed from 2.0.0: WONTFIX, 2.1: DONE, 2.2: REQUIRED to 2.0.0: WONTFIX, 2.1: DONE, 2.2: DONE

Backported into ruby_2_2 branch at r51132.

Updated by nagachika (Tomoyuki Chikanaga) almost 4 years ago

  • Backport changed from 2.0.0: WONTFIX, 2.1: DONE, 2.2: DONE to 2.0.0: WONTFIX, 2.1: DONE, 2.2: REQUIRED

Sorry, previous comment is a mistake.

Updated by nagachika (Tomoyuki Chikanaga) almost 4 years ago

  • Backport changed from 2.0.0: WONTFIX, 2.1: DONE, 2.2: REQUIRED to 2.0.0: WONTFIX, 2.1: DONE, 2.2: DONE

Backported into ruby_2_2 at r51134.

#7

Updated by nobu (Nobuyoshi Nakada) over 3 years ago

  • Has duplicate Bug #11557: Capturing Limits added
