diff options
author | shyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2008-06-29 09:24:21 +0000 |
---|---|---|
committer | shyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2008-06-29 09:24:21 +0000 |
commit | 526a28d851ba4ec2ab8e5c2321af43cda2dd1d7f (patch) | |
tree | e47d5fa04ffc67fa05384bbd652e93702a87788b /array.c | |
parent | 007bfbc9e1be697a73d282111b9dcf5b5c73fa55 (diff) |
merge revision(s) 17570:
* array.c (rb_ary_fill): not depend on unspecified behavior at integer
overflow. reported by Vincenzo Iozzo <snagg AT openssl.it>.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@17688 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'array.c')
-rw-r--r-- | array.c | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -2272,10 +2272,10 @@ rb_ary_fill(argc, argv, ary) break; } rb_ary_modify(ary); - end = beg + len; - if (end < 0) { + if (len > ARY_MAX_SIZE - beg) { rb_raise(rb_eArgError, "argument too big"); } + end = beg + len; if (end > RARRAY(ary)->len) { if (end >= RARRAY(ary)->aux.capa) { REALLOC_N(RARRAY(ary)->ptr, VALUE, end); |