RE2.QuoteMeta doesn’t work with strings containing null byte. #130
Assignees
Comments
mudge
added a commit
that referenced
this issue
Jan 20, 2024
GitHub: #130 Ensure that whenever we pass Ruby string data into RE2 we use the data's explicit length as returned by RSTRING_LEN rather than relying on null-termination. RSTRING_PTR doesn't guarantee this (see https://docs.ruby-lang.org/en/3.3/extension_rdoc.html#label-VALUE+type+conversion) and we can end up either truncating input or, worse, over-reading.
mudge
added a commit
that referenced
this issue
Jan 20, 2024
GitHub: #130 Ensure that whenever we pass Ruby string data into RE2 we use the data's explicit length as returned by RSTRING_LEN rather than relying on null-termination. RSTRING_PTR doesn't guarantee this (see https://docs.ruby-lang.org/en/3.3/extension_rdoc.html#label-VALUE+type+conversion) and we can end up either truncating input or, worse, over-reading.
mudge
added a commit
that referenced
this issue
Jan 20, 2024
GitHub: #130 Ensure that whenever we pass Ruby string data into RE2 we use the data's explicit length as returned by RSTRING_LEN rather than relying on null-termination. RSTRING_PTR doesn't guarantee this (see https://docs.ruby-lang.org/en/3.3/extension_rdoc.html#label-VALUE+type+conversion) and we can end up either truncating input or, worse, over-reading.
mudge
added a commit
that referenced
this issue
Jan 20, 2024
GitHub: #130 Ensure that whenever we pass Ruby string data into RE2 we use the data's explicit length as returned by RSTRING_LEN rather than relying on null-termination. RSTRING_PTR doesn't guarantee this (see https://docs.ruby-lang.org/en/3.3/extension_rdoc.html#label-VALUE+type+conversion) and we can end up either truncating input or, worse, over-reading.
mudge
added a commit
that referenced
this issue
Jan 20, 2024
GitHub: #130 Ensure that whenever we pass Ruby string data into RE2 we use the data's explicit length as returned by RSTRING_LEN rather than relying on null-termination. RSTRING_PTR doesn't guarantee this (see https://docs.ruby-lang.org/en/3.3/extension_rdoc.html#label-VALUE+type+conversion) and we can end up either truncating input or, worse, over-reading.
mudge
added a commit
that referenced
this issue
Jan 20, 2024
GitHub: #130 Ensure that whenever we pass Ruby string data into RE2 we use the data's explicit length as returned by RSTRING_LEN rather than relying on null-termination. RSTRING_PTR doesn't guarantee this (see https://docs.ruby-lang.org/en/3.3/extension_rdoc.html#label-VALUE+type+conversion) and we can end up either truncating input or, worse, over-reading.
|
Thanks for reporting this, @manueljacob. This should now be fixed in the newly released 2.7.0, can you please let me know if that resolves your issue? It should also fix handling of null bytes across the library where possible (note that null bytes are not valid in capturing group names as that is dictated by RE2 itself). |
|
It works for me, thank you! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I’d expect
RE2.QuoteMeta("abc\0def")to return"abc\\x00def"but it returns"abc". The reason is that in https://github.com/mudge/re2/blob/v2.6.0/ext/re2/re2.cc#L1756,RSTRING_PTRis used to convert the Ruby String tochar *.RE2::QuoteMetathen interprets it as a null-terminated string. In addition to the truncation problem, according to the Ruby documentation, the result ofRSTRING_PTRmay not be NUL-terminated, potentially leading to a buffer over-read.The text was updated successfully, but these errors were encountered: