From afca99a40b8a3415b3a9a0e8fc41c93ddcbb11d8 Mon Sep 17 00:00:00 2001
From: "Yukihiro \"Matz\" Matsumoto" <matz@ruby.or.jp>
Date: Wed, 19 Sep 2018 20:53:32 +0900
Subject: Remove implicit conversion using `to_int` method.

The ISO standard does not include implicit type conversion using
`to_int`. This implicit conversion often causes vulnerability.
There will be no more attacks like #4120.

In addition, we have added internal convenience method `__to_int` which
does type check and conversion (from floats).
---
 mrbgems/mruby-range-ext/mrblib/range.rb | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

(limited to 'mrbgems/mruby-range-ext/mrblib')

diff --git a/mrbgems/mruby-range-ext/mrblib/range.rb b/mrbgems/mruby-range-ext/mrblib/range.rb
index e5d1fb079..de7925ba7 100644
--- a/mrbgems/mruby-range-ext/mrblib/range.rb
+++ b/mrbgems/mruby-range-ext/mrblib/range.rb
@@ -15,10 +15,7 @@ class Range
 
     raise ArgumentError, "wrong number of arguments (given #{args.length}, expected 1)" unless args.length == 1
     nv = args[0]
-    raise TypeError, "no implicit conversion from nil to integer" if nv.nil?
-    raise TypeError, "no implicit conversion of #{nv.class} into Integer" unless nv.respond_to?(:to_int)
-    n = nv.to_int
-    raise TypeError, "no implicit conversion of #{nv.class} into Integer" unless n.kind_of?(Integer)
+    n = nv.__to_int
     raise ArgumentError, "negative array size (or size too big)" unless 0 <= n
     ary = []
     each do |i|
-- 
cgit v1.2.3


From 0ad5ba7a0f819cff87460d9b6f5691656ea75ade Mon Sep 17 00:00:00 2001
From: Ryan Lopopolo <rjl@hyperbo.la>
Date: Tue, 9 Jul 2019 01:42:40 -0700
Subject: Add a fast path for Float and Fixnum ranges for Range#max and
 Range#min

If no block is given and the Range has Fixnum or Float endpoints, do not iterate with
each and instead compare the endpoints directly. This implementation passes all of
the applicable specs from Ruby Spec.
---
 mrbgems/mruby-range-ext/mrblib/range.rb | 40 +++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)

(limited to 'mrbgems/mruby-range-ext/mrblib')

diff --git a/mrbgems/mruby-range-ext/mrblib/range.rb b/mrbgems/mruby-range-ext/mrblib/range.rb
index de7925ba7..e09b2d096 100644
--- a/mrbgems/mruby-range-ext/mrblib/range.rb
+++ b/mrbgems/mruby-range-ext/mrblib/range.rb
@@ -25,4 +25,44 @@ class Range
     end
     ary
   end
+
+  def max(&block)
+    val = self.first
+    last = self.last
+    return super if block
+
+    # fast path for numerics
+    if (val.kind_of?(Fixnum) || val.kind_of?(Float)) && (last.kind_of?(Fixnum) || last.kind_of?(Float))
+      raise TypeError if exclude_end? && !last.kind_of?(Fixnum)
+      return nil if val > last
+      return nil if val == last && exclude_end?
+
+      max = last
+      max -= 1 if exclude_end?
+      return max
+    end
+
+    # delegate to Enumerable
+    super
+  end
+
+  def min(&block)
+    val = self.first
+    last = self.last
+    return super if block
+
+    # fast path for numerics
+    if (val.kind_of?(Fixnum) || val.kind_of?(Float)) && (last.kind_of?(Fixnum) || last.kind_of?(Float))
+      raise TypeError if exclude_end? && !last.kind_of?(Fixnum)
+      return nil if val > last
+      return nil if val == last && exclude_end?
+
+      min = val
+      min -= 1 if exclude_end?
+      return min
+    end
+
+    # delegate to Enumerable
+    super
+  end
 end
-- 
cgit v1.2.3


From 56929362f58ba5ad3ebe4131a6cc4259e6479dc0 Mon Sep 17 00:00:00 2001
From: Ryan Lopopolo <rjl@hyperbo.la>
Date: Tue, 9 Jul 2019 01:48:15 -0700
Subject: Fix Range#min fast path with exclusive range

---
 mrbgems/mruby-range-ext/mrblib/range.rb | 1 -
 mrbgems/mruby-range-ext/test/range.rb   | 1 +
 2 files changed, 1 insertion(+), 1 deletion(-)

(limited to 'mrbgems/mruby-range-ext/mrblib')

diff --git a/mrbgems/mruby-range-ext/mrblib/range.rb b/mrbgems/mruby-range-ext/mrblib/range.rb
index e09b2d096..a149a57dc 100644
--- a/mrbgems/mruby-range-ext/mrblib/range.rb
+++ b/mrbgems/mruby-range-ext/mrblib/range.rb
@@ -58,7 +58,6 @@ class Range
       return nil if val == last && exclude_end?
 
       min = val
-      min -= 1 if exclude_end?
       return min
     end
 
diff --git a/mrbgems/mruby-range-ext/test/range.rb b/mrbgems/mruby-range-ext/test/range.rb
index 6b135aeff..b56d6b58e 100644
--- a/mrbgems/mruby-range-ext/test/range.rb
+++ b/mrbgems/mruby-range-ext/test/range.rb
@@ -87,6 +87,7 @@ end
 assert('Range#min') do
   # returns the minimum value in the range when called with no arguments
   assert_equal 1, (1..10).min
+  assert_equal 1, (1...10).min
 
   # returns the minimum value in the Float range when called with no arguments
   assert_equal 303.20, (303.20..908.1111).min
-- 
cgit v1.2.3