Project

General

Profile

Actions
Copy link

Bug #11760

closed

Encoding is tainted unexpectedly by Marshal.load

Added by nobu (Nobuyoshi Nakada) over 8 years ago. Updated over 8 years ago.

Status:
Closed
Assignee:
-
Target version:
-
ruby -v:
r52850
Backport:
2.0.0: REQUIRED, 2.1: DONE, 2.2: DONE
[ruby-core:71793]

Description

By Marshal.loading tainted source, Encoding object will be tainted.

code to reproduce

e = Encoding::UTF_8
p e.tainted?
p e == Marshal.load(Marshal.dump(e).taint)
p e.tainted?

expected results

false, true, and false

actual results

false, true, and true

Actions
Copy link
 #1

Updated by nobu (Nobuyoshi Nakada) over 8 years ago

  • Status changed from Open to Closed

Applied in changeset r52856.

encoding.c: defer finding encoding

  • encoding.c (enc_m_loader): defer finding encoding object not to
    be infected by marshal source. [ruby-core:71793] [Bug #11760]
  • marshal.c (r_object0): enable compatible loader on USERDEF
    class. the loader function is called with the class itself,
    instead of an allocated object, and the loaded data.
  • marshal.c (compat_allocator_table): intialize
    compat_allocator_tbl on demand.
  • object.c (rb_undefined_alloc): extract from rb_obj_alloc.
Actions
Copy link
 #2 [ruby-core:71928]

Updated by usa (Usaku NAKAMURA) over 8 years ago

  • Backport changed from 2.0.0: REQUIRED, 2.1: REQUIRED, 2.2: REQUIRED to 2.0.0: REQUIRED, 2.1: DONE, 2.2: REQUIRED

ruby_2_1 r52933 merged revision(s) 52856,52906.

Actions
Copy link
 #3 [ruby-core:71954]

Updated by nagachika (Tomoyuki Chikanaga) over 8 years ago

  • Backport changed from 2.0.0: REQUIRED, 2.1: DONE, 2.2: REQUIRED to 2.0.0: REQUIRED, 2.1: DONE, 2.2: DONE

Backported into ruby_2_2 branch at r52974.

Actions
Copy link

Also available in: Atom PDF

Like0
Like0Like0Like0