Dl taint fixes in Ruby 1.8.7-p72 broke Ruby/Tidy


Since Ruby 1.8.7-p72, I get the following error when using Ruby/Tidy:

SecurityError: Insecure operation - call

(eval):5:in `call'
(eval):5:in `tidySetErrorBuffer'
/usr/lib/ruby/1.8/tidy/tidylib.rb:102:in `set_error_buffer'
/usr/lib/ruby/1.8/tidy/tidyobj.rb:31:in `initialize'
/usr/lib/ruby/1.8/tidy.rb:36:in `new'
/usr/lib/ruby/1.8/tidy.rb:36:in `new'
/usr/lib/ruby/1.8/tidy.rb:56:in `open'
/usr/lib/ruby/1.8/samizdat/sanitize.rb:106:in `tidy'

The code that calls tidy is as follows:

  def tidy(html)
    xml = Tidy.open(:output_xhtml => true, :literal_attributes => true,
      :tidy_mark => false, :wrap => 0, :char_encoding => 'utf8'
    ) {|tidy| tidy.clean(html.to_s.untaint) }


Is it Ruby/Tidy that is doing something wrong, or is the security fix
in Ruby 1.8.7-p72 (SVN r17872 [0] would be prime suspect) getting

[0] http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17872

Here are the relevant (or so I think) bits of Ruby/Tidy code:

class Tidyobj
  # . . .
  def initialize(options=nil)
    @diagnostics = Array.new
    @doc = Tidylib.create
    @errors = Array.new
    @errbuf = Tidybuf.new
    @outbuf = Tidybuf.new
    @options = Tidyopt.new(@doc)
    rc = Tidylib.set_error_buffer(@doc, @errbuf.struct)
    unless options.nil?
      options.each { |name, value| Tidylib.opt_parse_value(@doc, name, value) }
  # . . .

class Tidybuf
  extend DL::Importable


  TidyBuffer = struct [
    "TidyAllocator* allocator",
    "byte* bp",
    "uint size",
    "uint allocated",
    "uint next"

  def initialize
    @struct = TidyBuffer.malloc
  # . . .


Dmitry Borodaenko