From c09d250ca148c0efc0167d55885bd20da87b43f7 Mon Sep 17 00:00:00 2001
From: "Yukihiro \"Matz\" Matsumoto" <matz@ruby.or.jp>
Date: Wed, 19 Sep 2018 20:53:32 +0900
Subject: Remove implicit conversion using `to_int` method.

The ISO standard does not include implicit type conversion using
`to_int`. This implicit conversion often causes vulnerability.
There will be no more attacks like #4120.

In addition, we have added internal convenience method `__to_int` which
does type check and conversion (from floats).
---
 mrbgems/mruby-kernel-ext/src/kernel.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

(limited to 'mrbgems/mruby-kernel-ext/src')

diff --git a/mrbgems/mruby-kernel-ext/src/kernel.c b/mrbgems/mruby-kernel-ext/src/kernel.c
index 32d86376a..a60e9a210 100644
--- a/mrbgems/mruby-kernel-ext/src/kernel.c
+++ b/mrbgems/mruby-kernel-ext/src/kernel.c
@@ -93,9 +93,8 @@ mrb_f_method(mrb_state *mrb, mrb_value self)
  *  (<code>0</code>, <code>0b</code>, and <code>0x</code>) are honored.
  *  In any case, strings should be strictly conformed to numeric
  *  representation. This behavior is different from that of
- *  <code>String#to_i</code>.  Non string values will be converted using
- *  <code>to_int</code>, and <code>to_i</code>. Passing <code>nil</code>
- *  raises a TypeError.
+ *  <code>String#to_i</code>.  Non string values will be treated as integers.
+ *  Passing <code>nil</code> raises a TypeError.
  *
  *     Integer(123.999)    #=> 123
  *     Integer("0x1a")     #=> 26
-- 
cgit v1.2.3