Actions
Bug #20787
closedIO#readline does not check its arguments like IO#gets and will read more data than limit
Status:
Closed
Assignee:
-
Target version:
-
ruby -v:
ruby 3.3.4 (2024-07-09 revision be1089c8ec) [x86_64-linux]
Description
In revision d3574c117a637a4456aa3ee78e24d8df510b9355, the implementation of IO#readline was modified and consequently broke argument handling in a subtle way. It no longer checks that the encoding of the separator string is compatible with the internal encoding of the stream. Prior to version 3.3.0, the following script raises an ArgumentError when calling #readline:
require "tempfile"
Tempfile.open(encoding: "utf-8:utf-32le") { |f| f.write("0123456789"); f.rewind; f.readline("\0", 1); }
After 3.3.0, the script will read all the data in the file, in this case 40 bytes, even though the limit argument is 1. Replacing #readline with #gets raises the ArgumentError in all versions.
I'm fairly sure that the failure to check the separator string encoding leads to the incorrect handling of the limit argument.
Updated by nobu (Nobuyoshi Nakada) 3 months ago
- Description updated (diff)
- Backport changed from 3.1: UNKNOWN, 3.2: UNKNOWN, 3.3: UNKNOWN to 3.1: DONTNEED, 3.2: DONTNEED, 3.3: REQUIRED
Updated by mame (Yusuke Endoh) about 2 months ago
- Status changed from Open to Closed
Actions
Like0
Like0Like0