Date: Fri, 03 Jul 2015 19:31:39 +0000
From: nagachika00@gmail.com
To: ruby-core@ruby-lang.org
Subject: [ruby-core:69861] [Ruby trunk - Bug #11192] capture group special variable with large index invokes UB

Issue #11192 has been updated by Tomoyuki Chikanaga.

Backport changed from 2.0.0: WONTFIX, 2.1: DONE, 2.2: REQUIRED to 2.0.0: WONTFIX, 2.1: DONE, 2.2: DONE

Backported into `ruby_2_2` branch at r51132.

----------------------------------------
Bug #11192: capture group special variable with large index invokes UB
https://bugs.ruby-lang.org/issues/11192#change-53265

* Author: cremno phobia
* Status: Closed
* Priority: Normal
* Assignee:
* ruby -v:
* Backport: 2.0.0: WONTFIX, 2.1: DONE, 2.2: DONE
----------------------------------------
~~~
$ ruby --dump=parsetree -e "$9999999999"
###########################################################
## Do NOT use this node dump for any purpose other than  ##
## debug and research.  Compatibility is not guaranteed. ##
###########################################################

# @ NODE_SCOPE (line: 1)
# +- nd_tbl: (empty)
# +- nd_args:
# |   (null node)
# +- nd_body:
#     @ NODE_NTH_REF (line: 1)
#     +- nd_nth: $1410065407
~~~

The culprit is [this line](https://github.com/ruby/ruby/blob/4d059bf9f5f10f3d3088de49fc87e5555db7770d/parse.y#L7673) in `parse.y` which contains a call to `atoi()`. A simple, non-intrusive fix could be calling a function with well-defined behavior when the resulting value can't be represented instead (such as `strtoul()`) and of course also adding a range check. But perhaps a syntax error is undesired here.

--
https://bugs.ruby-lang.org/
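
An added example, not part of the original message and not the Ruby source: one way to write the `strtoul()`-plus-range-check parse the report suggests. `parse_nth_ref`, `wrap32` and the `NTH_REF_MAX` bound are hypothetical names and assumptions; `wrap32` is there only to show that the `$1410065407` in the dump equals 9999999999 mod 2^32.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed upper bound for a capture-group index; the report names none. */
#define NTH_REF_MAX ((unsigned long)INT_MAX)

/* Hypothetical helper: parse the digits after '$' with defined behaviour.
 * Returns 0 and stores the index in *out, or -1 when the text is not a
 * plain decimal number or the value is out of range. */
static int parse_nth_ref(const char *digits, int *out)
{
    char *end;
    unsigned long n;
    /* strtoul() would accept leading whitespace or a sign; reject both. */
    if (!isdigit((unsigned char)digits[0]))
        return -1;

    errno = 0;
    n = strtoul(digits, &end, 10);
    if (*end != '\0')        /* trailing non-digit characters */
        return -1;
    if (errno == ERANGE)     /* does not fit unsigned long at all */
        return -1;
    if (n > NTH_REF_MAX)     /* fits unsigned long but not int */
        return -1;

    *out = (int)n;
    return 0;
}

/* 32-bit wraparound of a value; well-defined because the target type is
 * unsigned. Used only to relate the dump's number to the input. */
static uint32_t wrap32(unsigned long long v)
{
    return (uint32_t)v;
}

int main(void)
{
    int nth = -1;
    printf("$9 -> %d\n", parse_nth_ref("9", &nth));
    printf("$9999999999 -> %d\n", parse_nth_ref("9999999999", &nth));
    printf("9999999999 mod 2^32 = %lu\n", (unsigned long)wrap32(9999999999ULL));
    return 0;
}
```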