marshal.c: Numerics are not tainted

* include/ruby/ruby.h (OBJ_TAINTABLE, OBJ_TAINT, OBJ_INFECT), marshal.c (r_entry0): all Numerics never be tainted now. [ruby-core:57346] [Bug #8945] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@44891 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2022-11-09 12:17:21 -05:00 · 2014-02-08 17:13:55 +00:00 · 2014-02-08 17:13:55 +00:00 · cc1910b542
commit cc1910b542
parent 85b1671b42
4 changed files with 23 additions and 7 deletions
--- a/6
+++ b/6
@ -1,3 +1,9 @@
+Sun Feb  9 02:13:53 2014  Nobuyoshi Nakada  <nobu@ruby-lang.org>
+
+	* include/ruby/ruby.h (OBJ_TAINTABLE, OBJ_TAINT, OBJ_INFECT),
+	  marshal.c (r_entry0): all Numerics never be tainted now.
+	  [ruby-core:57346] [Bug #8945]
+
 Sat Feb  8 23:40:35 2014  Vit Ondruch  <vondruch@redhat.com>

 	* configure.in: add qouting brackets and append wildcard for the
--- a/include/ruby/ruby.h
+++ b/include/ruby/ruby.h
@ -1175,14 +1175,14 @@ struct RBignum {
 #define FL_UNSET(x,f) do {if (FL_ABLE(x)) RBASIC(x)->flags &= ~(f);} while (0)
 #define FL_REVERSE(x,f) do {if (FL_ABLE(x)) RBASIC(x)->flags ^= (f);} while (0)

+#define OBJ_TAINTABLE(x) (FL_ABLE(x) && BUILTIN_TYPE(x) != T_BIGNUM && BUILTIN_TYPE(x) != T_FLOAT)
 #define OBJ_TAINTED(x) (!!FL_TEST((x), FL_TAINT))
-#define OBJ_TAINT(x) FL_SET((x), FL_TAINT)
+#define OBJ_TAINT(x) (OBJ_TAINTABLE(x) ? (RBASIC(x)->flags |= FL_TAINT) : 0)
 #define OBJ_UNTRUSTED(x) OBJ_TAINTED(x)
 #define OBJ_UNTRUST(x) OBJ_TAINT(x)
-#define OBJ_INFECT(x,s) do { \
-  if (FL_ABLE(x) && FL_ABLE(s)) \
-    RBASIC(x)->flags |= RBASIC(s)->flags & FL_TAINT; \
-} while (0)
+#define OBJ_INFECT(x,s) ( \
+    (OBJ_TAINTABLE(x) && FL_ABLE(s)) ? \
+    RBASIC(x)->flags |= RBASIC(s)->flags & FL_TAINT : 0)

 #define OBJ_FROZEN(x) (!!(FL_ABLE(x)?(RBASIC(x)->flags&(FL_FREEZE)):(FIXNUM_P(x)||FLONUM_P(x)||SYMBOL_P(x))))
 #define OBJ_FREEZE(x) FL_SET((x), FL_FREEZE)
--- a/marshal.c
+++ b/marshal.c
@ -1356,9 +1356,9 @@ r_entry0(VALUE v, st_index_t num, struct load_arg *arg)
    }
    if (arg->infection &&
 	!RB_TYPE_P(v, T_CLASS) && !RB_TYPE_P(v, T_MODULE)) {
-	FL_SET(v, arg->infection);
+	OBJ_TAINT(v);
 	if ((VALUE)real_obj != Qundef)
-	    FL_SET((VALUE)real_obj, arg->infection);
+	    OBJ_TAINT((VALUE)real_obj);
    }
    return v;
 }
--- a/test/ruby/test_marshal.rb
+++ b/test/ruby/test_marshal.rb
@ -601,4 +601,14 @@ class TestMarshal < Test::Unit::TestCase
    bare = "".force_encoding(Encoding::ASCII_8BIT) << packed
    assert_equal(Marshal.dump(bare), Marshal.dump(packed))
  end
+
+  def test_untainted_numeric
+    bug8945 = '[ruby-core:57346] [Bug #8945] Numerics never be tainted'
+    b = 1 << 32
+    b *= b until Bignum === b
+    tainted = [0, 1.0, 1.72723e-77, b].select do |x|
+      Marshal.load(Marshal.dump(x).taint).tainted?
+    end
+    assert_empty(tainted.map {|x| [x, x.class]}, bug8945)
+  end
 end