merge revision(s) 58040,58041:

stringio.c: check character code

	* ext/stringio/stringio.c (strio_ungetc): check if the character
	  code is valid in the encoding.  reported by Ahmad Sherif
	  (ahmadsherif) at https://hackerone.com/reports/209593.
	stringio.c: check range

	* ext/stringio/stringio.c (strio_ungetc): raise RangeError instead
	  of TypeError at too big value, as well as IO#ungetc.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@58052 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

ext/stringio/stringio.c

@@ -767,13 +767,15 @@ strio_ungetc(VALUE self, VALUE c)
 
     check_modifiable(ptr);
     if (NIL_P(c)) return Qnil;
-    if (FIXNUM_P(c)) {
-	int cc = FIX2INT(c);
+    if (RB_INTEGER_TYPE_P(c)) {
+	int len, cc = NUM2INT(c);
 	char buf[16];
 
 	enc = rb_enc_get(ptr->string);
+	len = rb_enc_codelen(cc, enc);
+	if (len <= 0) rb_enc_uint_chr(cc, enc);
 	rb_enc_mbcput(cc, buf, enc);
-	return strio_unget_bytes(ptr, buf, rb_enc_codelen(cc, enc));
+	return strio_unget_bytes(ptr, buf, len);
     }
     else {
 	SafeStringValue(c);

test/stringio/test_stringio.rb

@@ -453,6 +453,9 @@ class TestStringIO < Test::Unit::TestCase
     f.ungetc("y".ord)
     assert_equal("y", f.getc)
     assert_equal("2", f.getc)
+
+    assert_raise(RangeError) {f.ungetc(0x1ffffff)}
+    assert_raise(RangeError) {f.ungetc(0xffffffffffffff)}
   ensure
     f.close unless f.closed?
   end

version.h

@@ -1,6 +1,6 @@
 #define RUBY_VERSION "2.4.1"
 #define RUBY_RELEASE_DATE "2017-03-22"
-#define RUBY_PATCHLEVEL 110
+#define RUBY_PATCHLEVEL 111
 
 #define RUBY_RELEASE_YEAR 2017
 #define RUBY_RELEASE_MONTH 3