Round the io_reader clamp down to a character boundary

hsbt · claude · hsbt · commit 6201ae17c168 · 2026-06-02T11:10:22.000+09:00
Clamping the over-read at exactly the requested size could split a
multibyte character, since the string an IO returns may carry a
non-binary encoding. Round the cut down to the last character boundary
at or before the size so the bytes handed to libyaml are always whole
characters.

Co-Authored-By: Claude Opus 4.8 &lt;noreply@anthropic.com&gt;
diff --git a/ext/psych/psych_parser.c b/ext/psych/psych_parser.c
@@ -32,13 +32,17 @@ static int io_reader(void * data, unsigned char *buf, size_t size, size_t *read)
     *read = 0;
 
     if(! NIL_P(string)) {
-        void * str = (void *)StringValuePtr(string);
+        char * str = StringValuePtr(string);
         size_t len = (size_t)RSTRING_LEN(string);
 
         /* IO#read(size) is documented to return at most `size` bytes, but a
          * misbehaving IO-like object may return more. Clamp the copy to the
-         * buffer libyaml gave us to avoid writing past its end. */
-        if(len > size) len = size;
+         * buffer libyaml gave us to avoid writing past its end, rounding down
+         * to a character boundary so a multibyte character is never split. */
+        if(len > size) {
+            rb_encoding * enc = rb_enc_get(string);
+            len = (size_t)(rb_enc_left_char_head(str, str + size, str + len, enc) - str);
+        }
 
         *read = len;
         memcpy(buf, str, len);
diff --git a/test/psych/test_parser.rb b/test/psych/test_parser.rb
@@ -221,6 +221,25 @@ def io.read len
       assert_called :end_stream
     end
 
+    def test_parse_io_returns_more_bytes_than_requested_multibyte
+      # The over-read is rounded down to a character boundary so a multibyte
+      # character is never split when the copy is clamped.
+      io = Object.new
+      def io.external_encoding; Encoding::UTF_8 end
+      def io.read len
+        return nil if @done
+        @done = true
+        "--- a\n#" + ("あ" * (len + (1 << 20)))
+      end
+
+      begin
+        @parser.parse io
+      rescue IOError
+        return
+      end
+      assert_called :scalar
+    end
+
     def test_syntax_error
       assert_raise(Psych::SyntaxError) do
         @parser.parse("---\n\"foo\"\n\"bar\"\n")
