From 57900d809f7dac7f450eadd475ad225a6cca39cb Mon Sep 17 00:00:00 2001 From: "Yukihiro \"Matz\" Matsumoto" Date: Thu, 17 Nov 2016 18:02:10 +0900 Subject: String#include? does not take integers --- test/t/string.rb | 2 -- 1 file changed, 2 deletions(-) (limited to 'test/t/string.rb') diff --git a/test/t/string.rb b/test/t/string.rb index fbaada451..e67389b5c 100644 --- a/test/t/string.rb +++ b/test/t/string.rb @@ -381,8 +381,6 @@ assert('String#hash', '15.2.10.5.20') do end assert('String#include?', '15.2.10.5.21') do - assert_true 'abc'.include?(97) - assert_false 'abc'.include?(100) assert_true 'abc'.include?('a') assert_false 'abc'.include?('d') end -- cgit v1.2.3 From 76a1bdfa29469576112a41b78a132b785616a3f9 Mon Sep 17 00:00:00 2001 From: Clayton Smith Date: Wed, 16 Nov 2016 10:10:14 -0500 Subject: Get String length after args in String#chomp! Fixes RCE issue Reported by @bouk --- src/string.c | 4 +++- test/t/string.rb | 14 +++++++++++++- 2 files changed, 16 insertions(+), 2 deletions(-) (limited to 'test/t/string.rb') diff --git a/src/string.c b/src/string.c index 5e490bf03..f47294291 100644 --- a/src/string.c +++ b/src/string.c @@ -1235,11 +1235,13 @@ mrb_str_chomp_bang(mrb_state *mrb, mrb_value str) char *p, *pp; mrb_int rslen; mrb_int len; + mrb_int argc; struct RString *s = mrb_str_ptr(str); mrb_str_modify(mrb, s); + argc = mrb_get_args(mrb, "|S", &rs); len = RSTR_LEN(s); - if (mrb_get_args(mrb, "|S", &rs) == 0) { + if (argc == 0) { if (len == 0) return mrb_nil_value(); smart_chomp: if (RSTR_PTR(s)[len-1] == '\n') { diff --git a/test/t/string.rb b/test/t/string.rb index e67389b5c..80fcbe6fa 100644 --- a/test/t/string.rb +++ b/test/t/string.rb @@ -251,6 +251,19 @@ assert('String#chomp!', '15.2.10.5.10') do assert_equal 'abc', e end +assert('String#chomp! uses the correct length') do + class A + def to_str + $s.replace("AA") + "A" + end + end + + $s = "AAA" + $s.chomp!(A.new) + assert_equal $s, "A" +end + assert('String#chop', '15.2.10.5.11') do a = ''.chop b = 'abc'.chop @@ -683,4 +696,3 @@ assert('String#freeze') do assert_raise(RuntimeError) { str.upcase! } end - -- cgit v1.2.3 From 868d2e528fce86f380a2d099877f6cb8ffd1ff69 Mon Sep 17 00:00:00 2001 From: Clayton Smith Date: Thu, 15 Dec 2016 09:36:22 -0500 Subject: Fix crash when exponent is -2147483648 --- src/string.c | 9 ++++++++- test/t/string.rb | 4 ++++ 2 files changed, 12 insertions(+), 1 deletion(-) (limited to 'test/t/string.rb') diff --git a/src/string.c b/src/string.c index 0049fdd5b..ce27cdaa1 100644 --- a/src/string.c +++ b/src/string.c @@ -2868,7 +2868,11 @@ mrb_float_read(const char *string, char **endPtr) mantSize -= 1; /* One of the digits was the point. */ } if (mantSize > 18) { - fracExp = decPt - 18; + if (decPt - 18 > 29999) { + fracExp = 29999; + } else { + fracExp = decPt - 18; + } mantSize = 18; } else { fracExp = decPt - mantSize; @@ -2922,6 +2926,9 @@ mrb_float_read(const char *string, char **endPtr) } while (isdigit(*p)) { exp = exp * 10 + (*p - '0'); + if (exp > 19999) { + exp = 19999; + } p += 1; } } diff --git a/test/t/string.rb b/test/t/string.rb index 80fcbe6fa..20dc49d92 100644 --- a/test/t/string.rb +++ b/test/t/string.rb @@ -596,10 +596,14 @@ assert('String#to_f', '15.2.10.5.38') do a = ''.to_f b = '123456789'.to_f c = '12345.6789'.to_f + d = '1e-2147483648'.to_f + e = '1e2147483648'.to_f assert_float(0.0, a) assert_float(123456789.0, b) assert_float(12345.6789, c) + assert_float(0, d) + assert_float(Float::INFINITY, e) end assert('String#to_i', '15.2.10.5.39') do -- cgit v1.2.3