Those are the three bugs I found in the last few days.

* IO.ioctl/Bignum

IO#ioctl refuses a second argument that's a BigNum even when it is in the
C "long" (usually -2**31...+2**31) range.

* $SAFE/def

./ruby -v -e '$SAFE=4; def foo;end'
ruby 1.6.4 (2001-06-04) [i586-linux]
-e:1: Insecure operation `(null)' at level 4 (SecurityError)

./ruby -v -e '$SAFE=4; def foo;end'
ruby 1.7.1 (2001-06-01) [i586-linux]
-e:1: Insecure operation `(null)' at level 4 (SecurityError)

where (null) is ostensibly generated by LibC at sprintf() while scanning a
%s for which the value is 0. 

* Module#constants

Loading RubyX11 and calling ::X11.constants with the profiler enabled
takes 10 seconds with my computer, or 1 minute on a slow one, during which
18000 calls to String#== are made. This looks like half of the square of
the number of constants (there are 193 constants in ::X11).  Calls to
Module#constants happen in the normal course of loading RubyX11, so this
delay is somewhat annoying. This seems to have to do with a call to #each
using Array#index as a block, in the implementation of Module
(variable.c).

matju