summaryrefslogtreecommitdiff
path: root/array.c
diff options
context:
space:
mode:
authorshyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2008-06-29 09:23:33 +0000
committershyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2008-06-29 09:23:33 +0000
commitada89912d72109cb547b181b7ad28ff4e175cc97 (patch)
tree15a6e335e5136264833ba7ca18b1cdfe16b2606a /array.c
parentdef72350a9e23923dc2e4b70243d12ab057dbf00 (diff)
merge revision(s) 17570:
* array.c (rb_ary_fill): not depend on unspecified behavior at integer overflow. reported by Vincenzo Iozzo <snagg AT openssl.it>. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_7@17686 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'array.c')
-rw-r--r--array.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/array.c b/array.c
index 9814722..f4ed6e6 100644
--- a/array.c
+++ b/array.c
@@ -2416,10 +2416,10 @@ rb_ary_fill(argc, argv, ary)
break;
}
rb_ary_modify(ary);
- end = beg + len;
- if (end < 0) {
+ if (len > ARY_MAX_SIZE - beg) {
rb_raise(rb_eArgError, "argument too big");
}
+ end = beg + len;
if (end > RARRAY(ary)->len) {
if (end >= RARRAY(ary)->aux.capa) {
REALLOC_N(RARRAY(ary)->ptr, VALUE, end);