Hi Watson, This isn't good, rhash_modify() must be very fast, so calling OBJ_FROZEN and OBJ_UNTRUSTED is not good there. Can we look up the mask flag as before? Laurent On Jan 21, 2011, at 7:51 AM, source_changes@macosforge.org wrote:
Revision 5186 Author watson1978@gmail.com Date 2011-01-21 07:51:01 -0800 (Fri, 21 Jan 2011) Log Message
More method of Hash will throw a SecurityError when $SAFE is 4.
Test Script: {{{ h = {} $SAFE = 4 h['a'] = 1.0 }}} Modified Paths
MacRuby/trunk/hash.h Diff
Modified: MacRuby/trunk/hash.h (5185 => 5186)
--- MacRuby/trunk/hash.h 2011-01-21 02:20:08 UTC (rev 5185) +++ MacRuby/trunk/hash.h 2011-01-21 15:51:01 UTC (rev 5186) @@ -41,14 +41,11 @@ static inline void rhash_modify(VALUE hash) { - const long mask = RBASIC(hash)->flags; - if ((mask & FL_FREEZE) == FL_FREEZE) { - rb_raise(rb_eRuntimeError, "can't modify frozen/immutable hash"); + if (OBJ_FROZEN(hash)) { + rb_error_frozen("hash"); } - if ((mask & FL_TAINT) == FL_TAINT) { - if (rb_safe_level() >= 4) { - rb_raise(rb_eSecurityError, "Insecure: can't modify hash"); - } + if (!OBJ_UNTRUSTED(hash) && rb_safe_level() >= 4) { + rb_raise(rb_eSecurityError, "Insecure: can't modify hash"); } }
_______________________________________________ macruby-changes mailing list macruby-changes@lists.macosforge.org http://lists.macosforge.org/mailman/listinfo.cgi/macruby-changes