Actions
Bug #14359
closedIO#ungetbyte integer overflow
Description
In Ruby's IO, a "byte" means an integer of range 0...256.
However IO#ungetbyte is the only exception.
It does not check the argument to accept liberal integers.
File.open("/dev/zero") {|f| f.ungetbyte(-1); p f.read(2) } # => "\xFF\x00"
File.open("/dev/zero") {|f| f.ungetbyte(257); p f.read(2) } # => "\x01\x00"
I see no vulnerability so just filing this as a normal bug.
Actions
Like0
Like0