Ruby

In Ruby's IO, a "byte" means an integer of range 0...256.
However IO#ungetbyte is the only exception.
It does not check the argument to accept liberal integers.

File.open("/dev/zero") {|f| f.ungetbyte(-1); p f.read(2) } # => "\xFF\x00"
File.open("/dev/zero") {|f| f.ungetbyte(257); p f.read(2) } # => "\x01\x00"

I see no vulnerability so just filing this as a normal bug.