* string.c (rb_str_cat): fix buffer overflow.

* string.c (rb_str_append): nothing to append actually when `str2'
  is empty.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@1675 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

2 files changed, 12 insertions, 5 deletions

diff --git a/ChangeLog b/ChangeLog
index 35c51fbc8c..48af29f40a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,11 +1,18 @@
+Sun Aug 12 15:01:58 2001  Nobuyoshi Nakada  <nobu.nakada@nifty.ne.jp>
+
+	* string.c (rb_str_cat): fix buffer overflow.
+
+	* string.c (rb_str_append): nothing to append actually when `str2'
+	  is empty.
+
 Tue Aug  7 09:10:32 2001  Usaku Nakamura  <usa@ruby-lang.org>
 
 	* win32/win32.h: fix problems with BC++ (ruby-bugs#PR161).
 
 Mon Aug  6 23:47:46 2001  Nobuyoshi Nakada  <nobu.nakada@nifty.ne.jp>
 
-	* pack.c (pack_unpack): associates p/P strings once at
-	  last(reverted to 1.26).
+	* pack.c (pack_pack): associates p/P strings once at last
+	  (reverted to 1.26).
 
 	* string.c (rb_str_associate): associates an Array at once, not
 	  but a String. realloc's when str_buf.
diff --git a/string.c b/string.c
index ec1a31362d..0faf54a747 100644
--- a/string.c
+++ b/string.c
@@ -534,7 +534,7 @@ rb_str_cat(str, ptr, len)
 	    (FL_TEST(str, STR_NO_ORIG) && !FL_TEST(str, STR_ASSOC))) {
 	    return rb_str_buf_cat(str, ptr, len);
 	}
-	REALLOC_N(RSTRING(str)->ptr, char, RSTRING(str)->len+1);
+	REALLOC_N(RSTRING(str)->ptr, char, RSTRING(str)->len+len+1);
 	if (ptr) {
 	    memcpy(RSTRING(str)->ptr + RSTRING(str)->len, ptr, len);
 	}
@@ -594,8 +594,8 @@ rb_str_append(str, str2)
 
     StringValue(str2);
     rb_str_modify(str);
-    len = RSTRING(str)->len+RSTRING(str2)->len;
-    if (len > 0) {
+    if (RSTRING(str2)->len > 0) {
+	len = RSTRING(str)->len+RSTRING(str2)->len;
 	if (RSTRING(str)->orig == 0 ||
 	    (FL_TEST(str, STR_NO_ORIG) && !FL_TEST(str, STR_ASSOC))) {
 	    rb_str_buf_append(str, str2);