Provides a quick workaround for the segfault bug in Ruby (CVE-2009-1904)

README.textile

BigDecimal Segfault Fix

There is a segfault bug in Ruby's BigDecimal library which can be triggered by users providing known-bad values. If you wish to test whether your application is affected, run example.rb. This script should exit normally, not segfault.

The workaround has negative side-effects. Specifically, it prevents you from using BigDecimal to deal with large numbers (more than 255 digits) or from providing numbers in scientific notation (e.g. "5E6" for 5000000). If you require those features you must upgrade to a patched Ruby.

You are strongly advised to upgrade Ruby following the instructions on the Ruby site. This workaround is only intended for temporary use.
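As an added illustration (not the gem's own code), the hypothetical guard below shows the kind of input filtering this workaround applies: it rejects strings carrying more than 255 digits and anything in scientific notation before the string reaches BigDecimal, which is why the two features mentioned above become unavailable while the workaround is in place.

```ruby
require 'bigdecimal'

# Hypothetical guard illustrating the filtering described in the README; it is
# not the gem's own implementation. Two input classes are rejected: strings with
# more than 255 digits, and strings in scientific notation ("5E6").
MAX_DIGITS = 255

def safe_bigdecimal(str)
  s = str.to_s.strip
  # Accept only plain decimal literals: optional sign, digits, optional fraction.
  # Anything with an exponent marker (E/e) or other characters fails this match.
  unless s =~ /\A[+-]?\d+(\.\d+)?\z/
    raise ArgumentError, "BigDecimal input rejected (plain decimal notation only): #{s.inspect}"
  end
  digits = s.count('0-9')
  if digits > MAX_DIGITS
    raise ArgumentError, "BigDecimal input rejected (#{digits} digits exceeds #{MAX_DIGITS})"
  end
  BigDecimal(s)
end

# Returns true when the guard lets the value through, false when it rejects it.
def accepted?(str)
  safe_bigdecimal(str)
  true
rescue ArgumentError
  false
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs: two plain decimals, one in scientific notation,
  # and one that is one digit over the limit.
  ['123.45', '-0.001', '5E6', '1' * 256].each do |input|
    label = input.length > 20 ? "#{input[0, 17]}..." : input
    puts "#{label.ljust(20)} => #{accepted?(input) ? 'accepted' : 'rejected'}"
  end
end
```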

Affected ruby versions:

1.8 series

  • 1.8.6-p368 and all prior versions
  • 1.8.7-p160 and all prior versions

1.9 series

  • All 1.9.1 versions are safe

Installation Instructions

Gem installation

This fix is available as a gem from github. To install it you should run the following commands:

  $ gem sources -a http://gems.github.com
  $ sudo gem install NZKoz-bigdecimal-segfault-fix

Then in your code add:

  gem 'NZKoz-bigdecimal-segfault-fix'
  require 'bigdecimal-segfault-fix'

Rails Initializer Installation

To apply this fix to a Rails application you can simply copy the bigdecimal-segfault-fix.rb file into your config/initializers directory.
