Date: Fri, 03 Jul 2015 09:39:40 +0000
From: usa@garbagecollect.jp
To: ruby-core@ruby-lang.org
Subject: [ruby-core:69856] [Ruby trunk - Bug #11192] capture group special variable with large index invokes UB

Issue #11192 has been updated by Usaku NAKAMURA.

Backport changed from 2.0.0: WONTFIX, 2.1: REQUIRED, 2.2: REQUIRED to 2.0.0: WONTFIX, 2.1: DONE, 2.2: REQUIRED

ruby_2_1 r51122 merged revision(s) 50671.

----------------------------------------
Bug #11192: capture group special variable with large index invokes UB
https://bugs.ruby-lang.org/issues/11192#change-53257

* Author: cremno phobia
* Status: Closed
* Priority: Normal
* Assignee:
* ruby -v:
* Backport: 2.0.0: WONTFIX, 2.1: DONE, 2.2: REQUIRED
----------------------------------------
~~~
$ ruby --dump=parsetree -e "$9999999999"
###########################################################
## Do NOT use this node dump for any purpose other than ##
## debug and research. Compatibility is not guaranteed. ##
###########################################################

# @ NODE_SCOPE (line: 1)
# +- nd_tbl: (empty)
# +- nd_args:
# | (null node)
# +- nd_body:
# @ NODE_NTH_REF (line: 1)
# +- nd_nth: $1410065407
~~~

The culprit is [this line](https://github.com/ruby/ruby/blob/4d059bf9f5f10f3d3088de49fc87e5555db7770d/parse.y#L7673) in `parse.y` which contains a call to `atoi()`. A simple, non-intrusive fix could be calling a function with well-defined behavior when the resulting value can't be represented instead (such as `strtoul()`) and of course also adding a range check. But perhaps a syntax error is undesired here.

--
https://bugs.ruby-lang.org/
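
The `strtoul()`-plus-range-check conversion suggested in the report, sketched as an added example; this is not code from `parse.y` or from the Ruby project. The names `parse_nth_ref` and `wrapped_low32` and the `NTH_REF_MAX` bound are hypothetical. The second function shows that the `1410065407` in the node dump equals 9999999999 reduced modulo 2^32.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed upper bound for a capture-group index (hypothetical, for this example). */
#define NTH_REF_MAX INT_MAX

/* Convert the decimal digits that follow '$' into an index.
 * Returns 0 and stores the value in *out on success; returns -1 when the
 * text is not purely digits or the value cannot be represented in range.
 * Unlike atoi(), strtoul() has defined behaviour on overflow: it returns
 * ULONG_MAX and sets errno to ERANGE. */
int parse_nth_ref(const char *digits, int *out)
{
    char *end;
    unsigned long v;

    /* strtoul() would also accept leading whitespace and a sign; reject them. */
    if (digits[0] < '0' || digits[0] > '9')
        return -1;
    errno = 0;
    v = strtoul(digits, &end, 10);
    if (*end != '\0')
        return -1;                       /* trailing non-digit characters */
    if (errno == ERANGE || v > (unsigned long)NTH_REF_MAX)
        return -1;                       /* out of range: caller reports it */
    *out = (int)v;
    return 0;
}

/* Low 32 bits of the decimal value, computed with well-defined unsigned wrap.
 * Used only to explain the number seen in the node dump. */
uint32_t wrapped_low32(const char *digits)
{
    uint32_t acc = 0;
    for (; *digits >= '0' && *digits <= '9'; digits++)
        acc = acc * 10u + (uint32_t)(*digits - '0');
    return acc;
}

int main(void)
{
    int n = 0;
    printf("$9999999999 -> rc=%d\n", parse_nth_ref("9999999999", &n));
    printf("low 32 bits  -> %u\n", (unsigned)wrapped_low32("9999999999"));
    return 0;
}
```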