* [ruby-core:119470] [Ruby master Bug#20787] IO#readline does not check its arguments like IO#gets and will read more data than limit
@ 2024-10-06 18:53 javanthropus (Jeremy Bopp) via ruby-core
2024-11-05 6:29 ` [ruby-core:119716] " mame (Yusuke Endoh) via ruby-core
2025-01-15 1:39 ` [ruby-core:120675] " k0kubun (Takashi Kokubun) via ruby-core
0 siblings, 2 replies; 3+ messages in thread
From: javanthropus (Jeremy Bopp) via ruby-core @ 2024-10-06 18:53 UTC (permalink / raw)
To: ruby-core; +Cc: javanthropus (Jeremy Bopp)
Issue #20787 has been reported by javanthropus (Jeremy Bopp).
----------------------------------------
Bug #20787: IO#readline does not check its arguments like IO#gets and will read more data than limit
https://bugs.ruby-lang.org/issues/20787
* Author: javanthropus (Jeremy Bopp)
* Status: Open
* ruby -v: ruby 3.3.4 (2024-07-09 revision be1089c8ec) [x86_64-linux]
* Backport: 3.1: UNKNOWN, 3.2: UNKNOWN, 3.3: UNKNOWN
----------------------------------------
In revision d3574c117a637a4456aa3ee78e24d8df510b9355, the implementation of IO#readline was modified and consequently broke argument handling in a subtle way. It no longer checks that the encoding of the separator string is compatible with the internal encoding of the stream. Prior to version 3.3.0, the following script raises an ArgumentError when calling #readline:
```ruby
require "tempfile"
Tempfile.open(encoding: "utf-8:utf-32le") { |f| f.write("0123456789"); f.rewind; f.readline("\0", 1); }
```
After 3.3.0, the script will read all the data in the file, in this case 40 bytes, even though the limit argument is 1. Replacing #readline with #gets raises the ArgumentError in all versions.
I'm fairly sure that the failure to check the separator string encoding leads to the incorrect handling of the limit argument.
--
https://bugs.ruby-lang.org/
______________________________________________
ruby-core mailing list -- ruby-core@ml.ruby-lang.org
To unsubscribe send an email to ruby-core-leave@ml.ruby-lang.org
ruby-core info -- https://ml.ruby-lang.org/mailman3/lists/ruby-core.ml.ruby-lang.org/
^ permalink raw reply [flat|nested] 3+ messages in thread
* [ruby-core:119716] [Ruby master Bug#20787] IO#readline does not check its arguments like IO#gets and will read more data than limit
2024-10-06 18:53 [ruby-core:119470] [Ruby master Bug#20787] IO#readline does not check its arguments like IO#gets and will read more data than limit javanthropus (Jeremy Bopp) via ruby-core
@ 2024-11-05 6:29 ` mame (Yusuke Endoh) via ruby-core
2025-01-15 1:39 ` [ruby-core:120675] " k0kubun (Takashi Kokubun) via ruby-core
1 sibling, 0 replies; 3+ messages in thread
From: mame (Yusuke Endoh) via ruby-core @ 2024-11-05 6:29 UTC (permalink / raw)
To: ruby-core; +Cc: mame (Yusuke Endoh)
Issue #20787 has been updated by mame (Yusuke Endoh).
Status changed from Open to Closed
Fixed by commit:773d140f65c1c8b726e107915bc003c186f38677
----------------------------------------
Bug #20787: IO#readline does not check its arguments like IO#gets and will read more data than limit
https://bugs.ruby-lang.org/issues/20787#change-110381
* Author: javanthropus (Jeremy Bopp)
* Status: Closed
* ruby -v: ruby 3.3.4 (2024-07-09 revision be1089c8ec) [x86_64-linux]
* Backport: 3.1: DONTNEED, 3.2: DONTNEED, 3.3: REQUIRED
----------------------------------------
In revision commit:d3574c117a637a4456aa3ee78e24d8df510b9355, the implementation of IO#readline was modified and consequently broke argument handling in a subtle way. It no longer checks that the encoding of the separator string is compatible with the internal encoding of the stream. Prior to version 3.3.0, the following script raises an ArgumentError when calling #readline:
```ruby
require "tempfile"
Tempfile.open(encoding: "utf-8:utf-32le") { |f| f.write("0123456789"); f.rewind; f.readline("\0", 1); }
```
After 3.3.0, the script will read all the data in the file, in this case 40 bytes, even though the limit argument is 1. Replacing #readline with #gets raises the ArgumentError in all versions.
I'm fairly sure that the failure to check the separator string encoding leads to the incorrect handling of the limit argument.
--
https://bugs.ruby-lang.org/
______________________________________________
ruby-core mailing list -- ruby-core@ml.ruby-lang.org
To unsubscribe send an email to ruby-core-leave@ml.ruby-lang.org
ruby-core info -- https://ml.ruby-lang.org/mailman3/lists/ruby-core.ml.ruby-lang.org/
^ permalink raw reply [flat|nested] 3+ messages in thread
* [ruby-core:120675] [Ruby master Bug#20787] IO#readline does not check its arguments like IO#gets and will read more data than limit
2024-10-06 18:53 [ruby-core:119470] [Ruby master Bug#20787] IO#readline does not check its arguments like IO#gets and will read more data than limit javanthropus (Jeremy Bopp) via ruby-core
2024-11-05 6:29 ` [ruby-core:119716] " mame (Yusuke Endoh) via ruby-core
@ 2025-01-15 1:39 ` k0kubun (Takashi Kokubun) via ruby-core
1 sibling, 0 replies; 3+ messages in thread
From: k0kubun (Takashi Kokubun) via ruby-core @ 2025-01-15 1:39 UTC (permalink / raw)
To: ruby-core; +Cc: k0kubun (Takashi Kokubun)
Issue #20787 has been updated by k0kubun (Takashi Kokubun).
Backport changed from 3.1: DONTNEED, 3.2: DONTNEED, 3.3: REQUIRED to 3.1: DONTNEED, 3.2: DONTNEED, 3.3: DONE
ruby_3_3 commit:233014639793cb6c8650a9b17d37bc09c662d430 merged revision(s) commit:773d140f65c1c8b726e107915bc003c186f38677.
----------------------------------------
Bug #20787: IO#readline does not check its arguments like IO#gets and will read more data than limit
https://bugs.ruby-lang.org/issues/20787#change-111498
* Author: javanthropus (Jeremy Bopp)
* Status: Closed
* ruby -v: ruby 3.3.4 (2024-07-09 revision be1089c8ec) [x86_64-linux]
* Backport: 3.1: DONTNEED, 3.2: DONTNEED, 3.3: DONE
----------------------------------------
In revision commit:d3574c117a637a4456aa3ee78e24d8df510b9355, the implementation of IO#readline was modified and consequently broke argument handling in a subtle way. It no longer checks that the encoding of the separator string is compatible with the internal encoding of the stream. Prior to version 3.3.0, the following script raises an ArgumentError when calling #readline:
```ruby
require "tempfile"
Tempfile.open(encoding: "utf-8:utf-32le") { |f| f.write("0123456789"); f.rewind; f.readline("\0", 1); }
```
After 3.3.0, the script will read all the data in the file, in this case 40 bytes, even though the limit argument is 1. Replacing #readline with #gets raises the ArgumentError in all versions.
I'm fairly sure that the failure to check the separator string encoding leads to the incorrect handling of the limit argument.
--
https://bugs.ruby-lang.org/
______________________________________________
ruby-core mailing list -- ruby-core@ml.ruby-lang.org
To unsubscribe send an email to ruby-core-leave@ml.ruby-lang.org
ruby-core info -- https://ml.ruby-lang.org/mailman3/lists/ruby-core.ml.ruby-lang.org/
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2025-01-15 1:39 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-10-06 18:53 [ruby-core:119470] [Ruby master Bug#20787] IO#readline does not check its arguments like IO#gets and will read more data than limit javanthropus (Jeremy Bopp) via ruby-core
2024-11-05 6:29 ` [ruby-core:119716] " mame (Yusuke Endoh) via ruby-core
2025-01-15 1:39 ` [ruby-core:120675] " k0kubun (Takashi Kokubun) via ruby-core
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).