Ruby » Ruby master

Time.new seems to be performing some sort of argument checking, but I found some strings that can bypass this validation and craft erroneous Time value.

• month

'12'.upto('20').each do |m|
  str = "2023-#{m}-01"
  puts str
  begin
    p Time.new str
  rescue => e
    p e
  end
  puts
end

# result
2023-12-01
2023-12-01 00:00:00 +0900

2023-13-01
#<ArgumentError: mon out of range>

2023-14-01
#<ArgumentError: mon out of range>

2023-15-01
#<ArgumentError: mon out of range>

2023-16-01
#<ArgumentError: mon out of range>

2023-17-01
2023-01-01 00:00:00 +0900

2023-18-01
2023-02-01 00:00:00 +0900

2023-19-01
2023-03-01 00:00:00 +0900

2023-20-01
2023-04-01 00:00:00 +0900

• day

$ ruby -e 'p Time.new("2023-01-31")'
2023-01-31 00:00:00 +0900

$ ruby -e 'p Time.new("2023-01-32")'
<internal:timev>:398:in `initialize': mday out of range (ArgumentError)
	from -e:1:in `new'
	from -e:1:in `<main>'

$ ruby -e 'p Time.new("2023-01-33")'
2023-01-01 00:00:00 +0900

$ ruby -e 'p Time.new("2023-01-34")
2023-01-02 00:00:00 +0900

In conclusion, month seeems to raise only when the given value is <= 16, and day seems to be checked for <= 32 only.