Ruby Issue Tracking System

04/09/2024

01:16 AM Ruby Bug #20412: UTF-8 String encoding behavior differs between 3.2, 3.3 and master

@eti
etienne (Étienne Barrié) wrote in #note-3:
> Hey,
> ...
The input size isn't set correctly after your change to the script:
```
➜ ~ ASDF_RUBY_VERSION=3.2.3 ruby repro.eti.rb 1
"RUBY: 3.2.3"
"OK: ciphertext_rbnacl is not valid UTF... bannable (Joe Truba)

04/06/2024

08:58 PM Ruby Bug #20412 (Open): UTF-8 String encoding behavior differs between 3.2, 3.3 and master

When a String that contains only a `\0` byte is mutated by an extension to an invalid UTF-8 sequence, calling `.encode('UTF-8')` does not consistently raise `UndefinedConversionError` across ruby versions. When the string is longer than ... bannable (Joe Truba)

06/05/2023

09:28 PM Ruby Bug #19713 (Rejected): Off-by-one error when computing very large Integer numbers

Ruby computes this Elliptic Curve result incorrectly when using Integer operations, but has the correct result when using Rational:
```
a = 154476802108746166441951315019919837485664325669565431700026634898253202035277999
b = 368751... bannable (Joe Truba)

12/23/2022

12:39 AM Ruby Revision 0e11d2c3 (git): [ruby/openssl] pkey/ec: check private key validity with OpenSSL 3

The behavior of EVP_PKEY_public_check changed between OpenSSL 1.1.1
and 3.0 so that it no longer validates the private key. Instead, private
keys can be validated through EVP_PKEY_private_check and
EVP_PKEY_pairwise_check.
[ky: simplifi... bannable (Joe Truba)

12:39 AM Ruby Revision 13137236 (git): [ruby/openssl] raise when EC_POINT_cmp or EC_GROUP_cmp error instead of returning true

https://github.com/ruby/openssl/commit/e1e8f3cebe bannable (Joe Truba)

12:39 AM Ruby Revision ca7a6b15 (git): [ruby/openssl] pkey/ec: fix ossl_raise() calls using cEC_POINT instead of eEC_POINT

https://github.com/ruby/openssl/commit/b2e9f5e132 bannable (Joe Truba)

11/18/2022

08:03 PM Ruby Bug #19136: OpenSSL::PKey::EC.check_key is useless when linked against OpenSSL 3

I just realized that `ruby/openssl` takes issue reports on the GitHub. Sorry about that! bannable (Joe Truba)

08:00 PM Ruby Bug #19136 (Third Party's Issue): OpenSSL::PKey::EC.check_key is useless when linked against OpenSSL 3

When calling `#check_key` against an `OpenSSL::PKey::EC` instance representing an invalid point for the group, the method always returns true.
I believe this is because OpenSSL 3 deprecated `EC_KEY_check_key`, and the underlying call ... bannable (Joe Truba)

08/14/2019

07:41 PM Ruby Bug #16105 (Closed): heap-use-after-free in String#sub!

#15946 caught my eye, so I ran the reproducer there through a build with AddressSanitizer (ASAN) enabled. It looks like String#sub! still has some corruption going on even after the memmove change.
Reproducer:
```
a = "AAAAAAAAAAAAA... bannable (Joe Truba)

11/05/2018

04:36 PM Ruby Bug #15282 (Closed): Segfault (null pointer dereference) in variable.c iv_index_tbl_make

Reproducer and crash:
~~~
jtruba@dev118:~/rubies/ruby-trunk$ ./ruby -e 'END{n}; END{return}'
-e: unexpected return
-e:1: [BUG] Segmentation fault at 0x0000000000000018
ruby 2.6.0dev (2018-10-31 trunk 65474) [x86_64-linux]
-- Cont... bannable (Joe Truba)