diff options
| author | Yukihiro "Matz" Matsumoto <[email protected]> | 2018-09-19 20:53:32 +0900 |
|---|---|---|
| committer | Yukihiro "Matz" Matsumoto <[email protected]> | 2018-11-19 11:28:51 +0900 |
| commit | afca99a40b8a3415b3a9a0e8fc41c93ddcbb11d8 (patch) | |
| tree | 6ecbeb3c8a562ce64713ccd4d2d6b1d12e6b5fa2 /mrbgems/mruby-range-ext | |
| parent | 426c1f9e0b77a27d5384ccdee7f7a49eef0e2ed0 (diff) | |
| download | mruby-afca99a40b8a3415b3a9a0e8fc41c93ddcbb11d8.tar.gz mruby-afca99a40b8a3415b3a9a0e8fc41c93ddcbb11d8.zip | |
Remove implicit conversion using `to_int` method.
The ISO standard does not include implicit type conversion using
`to_int`. This implicit conversion often causes vulnerability.
There will be no more attacks like #4120.
In addition, we have added internal convenience method `__to_int` which
does type check and conversion (from floats).
Diffstat (limited to 'mrbgems/mruby-range-ext')
| -rw-r--r-- | mrbgems/mruby-range-ext/mrblib/range.rb | 5 |
1 files changed, 1 insertions, 4 deletions
diff --git a/mrbgems/mruby-range-ext/mrblib/range.rb b/mrbgems/mruby-range-ext/mrblib/range.rb index e5d1fb079..de7925ba7 100644 --- a/mrbgems/mruby-range-ext/mrblib/range.rb +++ b/mrbgems/mruby-range-ext/mrblib/range.rb @@ -15,10 +15,7 @@ class Range raise ArgumentError, "wrong number of arguments (given #{args.length}, expected 1)" unless args.length == 1 nv = args[0] - raise TypeError, "no implicit conversion from nil to integer" if nv.nil? - raise TypeError, "no implicit conversion of #{nv.class} into Integer" unless nv.respond_to?(:to_int) - n = nv.to_int - raise TypeError, "no implicit conversion of #{nv.class} into Integer" unless n.kind_of?(Integer) + n = nv.__to_int raise ArgumentError, "negative array size (or size too big)" unless 0 <= n ary = [] each do |i| |