Project

General

Profile

Actions

Bug #19296

closed

Time.new's argument check is incomplete

Added by matsuda (Akira Matsuda) almost 2 years ago. Updated almost 2 years ago.

Status:
Closed
Assignee:
-
Target version:
-
ruby -v:
ruby 3.3.0dev (2023-01-01T07:39:00Z master 542e984d82) +YJIT [arm64-darwin21]
[ruby-core:111571]

Description

Time.new seems to be performing some sort of argument checking, but I found some strings that can bypass this validation and craft erroneous Time value.

  • month
'12'.upto('20').each do |m|
  str = "2023-#{m}-01"
  puts str
  begin
    p Time.new str
  rescue => e
    p e
  end
  puts
end
# result
2023-12-01
2023-12-01 00:00:00 +0900

2023-13-01
#<ArgumentError: mon out of range>

2023-14-01
#<ArgumentError: mon out of range>

2023-15-01
#<ArgumentError: mon out of range>

2023-16-01
#<ArgumentError: mon out of range>

2023-17-01
2023-01-01 00:00:00 +0900

2023-18-01
2023-02-01 00:00:00 +0900

2023-19-01
2023-03-01 00:00:00 +0900

2023-20-01
2023-04-01 00:00:00 +0900
  • day
$ ruby -e 'p Time.new("2023-01-31")'
2023-01-31 00:00:00 +0900

$ ruby -e 'p Time.new("2023-01-32")'
<internal:timev>:398:in `initialize': mday out of range (ArgumentError)
	from -e:1:in `new'
	from -e:1:in `<main>'

$ ruby -e 'p Time.new("2023-01-33")'
2023-01-01 00:00:00 +0900

$ ruby -e 'p Time.new("2023-01-34")
2023-01-02 00:00:00 +0900

In conclusion, month seeems to raise only when the given value is <= 16, and day seems to be checked for <= 32 only.


Related issues 1 (0 open1 closed)

Related to Ruby master - Feature #18033: Time.new to parse a stringClosedActions

Updated by nobu (Nobuyoshi Nakada) almost 2 years ago

  • Backport changed from 2.7: UNKNOWN, 3.0: UNKNOWN, 3.1: UNKNOWN, 3.2: UNKNOWN to 2.7: DONTNEED, 3.0: DONTNEED, 3.1: DONTNEED, 3.2: REQUIRED
Actions #2

Updated by nobu (Nobuyoshi Nakada) almost 2 years ago

  • Status changed from Open to Closed

Applied in changeset git|5be0d42d2c4dc765230c76738289560f9ee37f09.


[Bug #19296] Precheck bits of time components

Updated by naruse (Yui NARUSE) almost 2 years ago

  • Backport changed from 2.7: DONTNEED, 3.0: DONTNEED, 3.1: DONTNEED, 3.2: REQUIRED to 2.7: DONTNEED, 3.0: DONTNEED, 3.1: DONTNEED, 3.2: DONE

ruby_3_2 52ea5ea9906c3a96c60a68e01b303672602a6832 merged revision(s) 291a4098cf649c027cb50c16b872455f26ad1dfb,5be0d42d2c4dc765230c76738289560f9ee37f09.

Actions #4

Updated by Eregon (Benoit Daloze) 2 months ago

Actions

Also available in: Atom PDF

Like0
Like0Like0Like0Like0