string.c: fix buffer overflow check condition in rb_str_set_len()

* string.c (rb_str_set_len): The buffer overflow check is wrong. The space for termlen is allocated outside the capacity returned by rb_str_capacity(). This fixes r41920 ("string.c: multi-byte terminator", 2013-07-11). [ruby-core:77257] [Bug #12757] * test/-ext-/string/test_set_len.rb (test_capacity_equals_to_new_size): Test for this change. Applying only the test will trigger [BUG]. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56148 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
author: rhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2016-09-13 07:08:15 +0000
committer: rhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2016-09-13 07:08:15 +0000
commit: be3baa4380dcc452299af0a9d26e08e3df56110d (patch)
tree: 5a7f9660f2cc01ee433189d809d975e59e2b1a58 /string.c
parent: b4d0e5a4fb607e1e19abba99858dce42cc3cf188 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/string.c b/string.c
index 59c44ca4ba..4197a174fb 100644
--- a/string.c
+++ b/string.c
@@ -2497,7 +2497,7 @@ rb_str_set_len(VALUE str, long len)
     if (STR_SHARED_P(str)) {
 	rb_raise(rb_eRuntimeError, "can't set length of shared string");
     }
-    if (len + termlen - 1 > (capa = (long)rb_str_capacity(str))) {
+    if (len > (capa = (long)str_capacity(str, termlen))) {
 	rb_bug("probable buffer overflow: %ld for %ld", len, capa);
     }
     STR_SET_LEN(str, len);
author	rhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2016-09-13 07:08:15 +0000
committer	rhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2016-09-13 07:08:15 +0000
commit	be3baa4380dcc452299af0a9d26e08e3df56110d (patch)
tree	5a7f9660f2cc01ee433189d809d975e59e2b1a58 /string.c
parent	b4d0e5a4fb607e1e19abba99858dce42cc3cf188 (diff)