merge revision(s) 64071: [Backport #14941]

ruby.c: taint ARGV on Windows * ruby.c (external_str_new_cstr): strings come from the external should be tainted. [ruby-dev:50596] [Bug #14941] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@64563 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2025-08-15 13:39:04 +02:00 · 2018-08-27 14:15:43 +00:00 · 2018-08-27 14:15:43 +00:00 · 94e6598969
commit 94e6598969
parent ba75776346
3 changed files with 11 additions and 2 deletions
--- a/ruby.c
+++ b/ruby.c
@ -2069,7 +2069,9 @@ external_str_new_cstr(const char *p)
 {
 #if UTF8_PATH
    VALUE str = rb_utf8_str_new_cstr(p);
-    return str_conv_enc(str, NULL, rb_default_external_encoding());
+    str = str_conv_enc(str, NULL, rb_default_external_encoding());
+    OBJ_TAINT_RAW(str);
+    return str;
 #else
    return rb_external_str_new_cstr(p);
 #endif
--- a/test/ruby/test_rubyoptions.rb
+++ b/test/ruby/test_rubyoptions.rb
@ -920,4 +920,11 @@ class TestRubyOptions < Test::Unit::TestCase
      end
    end
  end
+
+  def test_argv_tainted
+    assert_separately(%w[- arg], "#{<<~"begin;"}\n#{<<~'end;'}")
+    begin;
+      assert_predicate(ARGV[0], :tainted?, '[ruby-dev:50596] [Bug #14941]')
+    end;
+  end
 end
--- a/version.h
+++ b/version.h
@ -1,6 +1,6 @@
 #define RUBY_VERSION "2.4.5"
 #define RUBY_RELEASE_DATE "2018-08-27"
-#define RUBY_PATCHLEVEL 320
+#define RUBY_PATCHLEVEL 321

 #define RUBY_RELEASE_YEAR 2018
 #define RUBY_RELEASE_MONTH 8