From afca99a40b8a3415b3a9a0e8fc41c93ddcbb11d8 Mon Sep 17 00:00:00 2001
From: "Yukihiro \"Matz\" Matsumoto" <matz@ruby.or.jp>
Date: Wed, 19 Sep 2018 20:53:32 +0900
Subject: Remove implicit conversion using `to_int` method.

The ISO standard does not include implicit type conversion using
`to_int`. This implicit conversion often causes vulnerability.
There will be no more attacks like #4120.

In addition, we have added internal convenience method `__to_int` which
does type check and conversion (from floats).
---
 mrblib/array.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'mrblib')

diff --git a/mrblib/array.rb b/mrblib/array.rb
index 53d880660..a677b2a1f 100644
--- a/mrblib/array.rb
+++ b/mrblib/array.rb
@@ -66,7 +66,7 @@ class Array
   #
   # ISO 15.2.12.5.15
   def initialize(size=0, obj=nil, &block)
-    raise TypeError, "expected Integer for 1st argument" unless size.kind_of? Integral
+    size = size.__to_int
     raise ArgumentError, "negative array size" if size < 0
 
     self.clear
-- 
cgit v1.2.3