Project

General

Profile

Actions

Backport #2707

closed

Denial of Service with Date>> operator for large numbers of n

Added by zev (Zev Blut) almost 15 years ago. Updated over 13 years ago.


Description

=begin
I am not sure this is a realistic issue, but my colleagues and I discovered a fun way to consume cpu for a long time.

For any n >= 1e16

ruby -v
ruby 1.8.6 (2009-06-08 patchlevel 369) [i686-linux]

require 'date'
n = 1e16
Date.today >> (n* 12)

On 1.9 this might not be a problem:
ruby -v
ruby 1.9.1p243 (2009-07-16 revision 24175) [i686-linux]

ruby-1.9.1-p243 > RUBY_VERSION
=> "1.9.1"
ruby-1.9.1-p243 > require 'date'
=> true
ruby-1.9.1-p243 > n = 1e16
=> 1.0e+16
ruby-1.9.1-p243 > Date.today >> (n* 12)
NoMethodError: undefined method +' for nil:NilClass from /home/zblut/.rvm/ruby-1.9.1-p243/lib/ruby/1.9.1/date.rb:620:in _valid_civil?'
from /home/zblut/.rvm/ruby-1.9.1-p243/lib/ruby/1.9.1/date.rb:1410:in >>' from (irb):4 from /home/zblut/.rvm/ruby-1.9.1-p243/bin/irb:15:in '
ruby-1.9.1-p243 > n = 1e15
=> 1.0e+15
ruby-1.9.1-p243 > Date.today >> (n* 12)
=> #<Date: 1000000000002010-01-03 (730485000004910427/2,0,2299161)>
=end

Actions

Also available in: Atom PDF

Like0
Like0Like0Like0Like0Like0