Addresses CVE-2024-27280

From 26ec606bcd2de68b457a9b36852b764a71083b25 Mon Sep 17 00:00:00 2001
From: Hiroshi SHIBATA <hsbt@ruby-lang.org>
Date: Thu, 21 Mar 2024 15:56:32 +0900
Subject: [PATCH] Merge StringIO 3.0.1.2

---
 ext/stringio/stringio.c        |  4 ++--
 test/stringio/test_stringio.rb | 25 +++++++++++++++++++++----
 2 files changed, 23 insertions(+), 6 deletions(-)

--- ruby3.1-3.1.2.orig/ext/stringio/stringio.c
+++ ruby3.1-3.1.2/ext/stringio/stringio.c
@@ -12,7 +12,7 @@
 
 **********************************************************************/
 
-#define STRINGIO_VERSION "3.0.1"
+#define STRINGIO_VERSION "3.0.1.2"
 
 #include "ruby.h"
 #include "ruby/io.h"
@@ -984,7 +984,7 @@ strio_unget_bytes(struct StringIO *ptr,
     len = RSTRING_LEN(str);
     rest = pos - len;
     if (cl > pos) {
-	long ex = (rest < 0 ? cl-pos : cl+rest);
+	long ex = cl - (rest < 0 ? pos : len);
 	rb_str_modify_expand(str, ex);
 	rb_str_set_len(str, len + ex);
 	s = RSTRING_PTR(str);
--- ruby3.1-3.1.2.orig/test/stringio/test_stringio.rb
+++ ruby3.1-3.1.2/test/stringio/test_stringio.rb
@@ -757,6 +757,15 @@ class TestStringIO < Test::Unit::TestCas
     assert_equal("b""\0""a", s.string)
   end
 
+  def test_ungetc_fill
+    count = 100
+    s = StringIO.new
+    s.print 'a' * count
+    s.ungetc('b' * (count * 5))
+    assert_equal((count * 5), s.string.size)
+    assert_match(/\Ab+\z/, s.string)
+  end
+
   def test_ungetbyte_pos
     b = '\\b00010001 \\B00010001 \\b1 \\B1 \\b000100011'
     s = StringIO.new( b )
@@ -782,6 +791,15 @@ class TestStringIO < Test::Unit::TestCas
     assert_equal("b""\0""a", s.string)
   end
 
+  def test_ungetbyte_fill
+    count = 100
+    s = StringIO.new
+    s.print 'a' * count
+    s.ungetbyte('b' * (count * 5))
+    assert_equal((count * 5), s.string.size)
+    assert_match(/\Ab+\z/, s.string)
+  end
+
   def test_frozen
     s = StringIO.new
     s.freeze
@@ -825,18 +843,17 @@ class TestStringIO < Test::Unit::TestCas
   end
 
   def test_overflow
-    omit if RbConfig::SIZEOF["void*"] > RbConfig::SIZEOF["long"]
+    return if RbConfig::SIZEOF["void*"] > RbConfig::SIZEOF["long"]
     limit = RbConfig::LIMITS["INTPTR_MAX"] - 0x10
     assert_separately(%w[-rstringio], "#{<<-"begin;"}\n#{<<-"end;"}")
     begin;
       limit = #{limit}
       ary = []
-      while true
+      begin
         x = "a"*0x100000
         break if [x].pack("p").unpack("i!")[0] < 0
         ary << x
-        omit if ary.size > 100
-      end
+      end while ary.size <= 100
       s = StringIO.new(x)
       s.gets("xxx", limit)
       assert_equal(0x100000, s.pos)