out-of-bounds read in string-to-float conversion
https://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/ https://hackerone.com/reports/1248108