Issue #15886 has been updated by jeremyevans0 (Jeremy Evans).


jeremyevans0 (Jeremy Evans) wrote:
> However, I think it makes sense to expand the Timeout.timeout documentation to mention that you should not use it with blocks that you do not trust, with examples of things that can go wrong (such as your case).

Here's some possible additional documentation.  Feedback appreciated.

```diff
diff --git a/lib/timeout.rb b/lib/timeout.rb
index a33bb4ce65..62a35169a4 100644
--- a/lib/timeout.rb
+++ b/lib/timeout.rb
@@ -67,7 +67,9 @@ def exception(*)
   # +sec+ seconds, otherwise throws an exception, based on the value of +klass+.
   #
   # The exception thrown to terminate the given block cannot be rescued inside
-  # the block unless +klass+ is given explicitly.
+  # the block unless +klass+ is given explicitly. However, the block can use
+  # ensure to prevent the handling of the exception.  For that reason, this
+  # method cannot be relied on to enforce timeouts for untrusted blocks.
   #
   # Note that this is both a method of module Timeout, so you can <tt>include
   # Timeout</tt> into your classes so they have a #timeout method, as well as
```

----------------------------------------
Bug #15886: return in rescue block breaks Timeout.timeout
https://bugs.ruby-lang.org/issues/15886#change-78318

* Author: moio (Silvio Moioli)
* Status: Rejected
* Priority: Normal
* Assignee: 
* Target version: 
* ruby -v: ruby 2.5.1p57 (2018-03-29 revision 63029) [x86_64-linux-gnu]
* Backport: 2.4: UNKNOWN, 2.5: UNKNOWN, 2.6: UNKNOWN
----------------------------------------
Passing `Timeout.timeout` a block with a rescue clause that contains a return statement prevents `Timeout::Error` to be raised as expected.

Reproducer:

``` ruby
require 'timeout'

begin
  Timeout.timeout(1) do
    begin
      sleep 10
    ensure
      puts "ensure block executed"

      ## commenting line below restores expected behaviour
      return true

    end
  end
rescue Timeout::Error => e
  puts "EXPECTED BEHAVIOUR: timeout error rescued"
end
```


Expected output:
```
ensure block executed
EXPECTED BEHAVIOR: timeout error rescued
```

Actual output:
```
ensure block executed
```



Looking in Redmine the following two issues appear related (but I lack the insight to tell for sure):
 - https://bugs.ruby-lang.org/issues/14859
 - https://bugs.ruby-lang.org/issues/7503


I apologize in advance if this issue is a duplicate.



-- 
https://bugs.ruby-lang.org/

Unsubscribe: <mailto:ruby-core-request / ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>