ruby--ruby/spec/ruby/security/cve_2018_8778_spec.rb

require_relative '../spec_helper'

describe "String#unpack" do

  it "resists CVE-2018-8778 by raising an exception when a position indicator is larger than a native integer" do
    pos = (1 << PlatformGuard::POINTER_SIZE) - 99
    lambda {
      "0123456789".unpack("@#{pos}C10")
    }.should raise_error(RangeError, /pack length too big/)
  end

end
Update to ruby/spec@6f38a82 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@63293 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2018-04-28 15:50:06 -04:00			`require_relative '../spec_helper'`

			`describe "String#unpack" do`

			`it "resists CVE-2018-8778 by raising an exception when a position indicator is larger than a native integer" do`
			`pos = (1 << PlatformGuard::POINTER_SIZE) - 99`
			`lambda {`
			`"0123456789".unpack("@#{pos}C10")`
			`}.should raise_error(RangeError, /pack length too big/)`
			`end`

			`end`