Project

General

Profile

Actions

Bug #20787

closed

IO#readline does not check its arguments like IO#gets and will read more data than limit

Added by javanthropus (Jeremy Bopp) 3 months ago. Updated about 2 months ago.

Status:
Closed
Assignee:
-
Target version:
-
ruby -v:
ruby 3.3.4 (2024-07-09 revision be1089c8ec) [x86_64-linux]
[ruby-core:119470]

Description

In revision d3574c117a637a4456aa3ee78e24d8df510b9355, the implementation of IO#readline was modified and consequently broke argument handling in a subtle way. It no longer checks that the encoding of the separator string is compatible with the internal encoding of the stream. Prior to version 3.3.0, the following script raises an ArgumentError when calling #readline:

require "tempfile"

Tempfile.open(encoding: "utf-8:utf-32le") { |f| f.write("0123456789"); f.rewind; f.readline("\0", 1); }

After 3.3.0, the script will read all the data in the file, in this case 40 bytes, even though the limit argument is 1. Replacing #readline with #gets raises the ArgumentError in all versions.

I'm fairly sure that the failure to check the separator string encoding leads to the incorrect handling of the limit argument.

Actions #1

Updated by nobu (Nobuyoshi Nakada) 3 months ago

  • Description updated (diff)
  • Backport changed from 3.1: UNKNOWN, 3.2: UNKNOWN, 3.3: UNKNOWN to 3.1: DONTNEED, 3.2: DONTNEED, 3.3: REQUIRED

Updated by mame (Yusuke Endoh) about 2 months ago

  • Status changed from Open to Closed
Actions

Also available in: Atom PDF

Like0
Like0Like0