3 files changed, 25 insertions, 4 deletions

diff --git a/marshal.c b/marshal.c
index d629a11046..5f0ac7e7bb 100644
--- a/marshal.c
+++ b/marshal.c
@@ -1424,9 +1424,10 @@ ruby2_keywords_flag_check(VALUE sym)
 {
     const char *p;
     long l;
+    if (rb_enc_get_index(sym) != ENCINDEX_US_ASCII) return 0;
     RSTRING_GETMEM(sym, p, l);
     if (l <= 0) return 0;
-    if (name_equal(name_s_ruby2_keywords_flag, rb_strlen_lit(name_s_ruby2_keywords_flag), p, 1)) {
+    if (name_equal(name_s_ruby2_keywords_flag, rb_strlen_lit(name_s_ruby2_keywords_flag), p, l)) {
         return 1;
     }
     return 0;
@@ -1461,7 +1462,13 @@ r_symreal(struct load_arg *arg, int ivar)
 	    idx = sym2encidx(sym, r_object(arg));
 	}
     }
-    if (idx > 0) rb_enc_associate_index(s, idx);
+    if (idx > 0) {
+        rb_enc_associate_index(s, idx);
+        if (rb_enc_str_coderange(s) == ENC_CODERANGE_BROKEN) {
+            rb_raise(rb_eArgError, "invalid byte sequence in %s: %+"PRIsVALUE,
+                     rb_enc_name(rb_enc_from_index(idx)), s);
+        }
+    }
 
     return s;
 }
diff --git a/test/ruby/test_marshal.rb b/test/ruby/test_marshal.rb
index ef8b261321..43bdadccb0 100644
--- a/test/ruby/test_marshal.rb
+++ b/test/ruby/test_marshal.rb
@@ -785,8 +785,22 @@ class TestMarshal < Test::Unit::TestCase
 
   def test_marshal_with_ruby2_keywords_hash
     flagged_hash = ruby2_keywords_hash(key: 42)
-    hash = Marshal.load(Marshal.dump(flagged_hash))
+    data = Marshal.dump(flagged_hash)
+    hash = Marshal.load(data)
     assert_equal(42, ruby2_keywords_test(*[hash]))
+
+    hash2 = Marshal.load(data.sub(/\x06K(?=T\z)/, "\x08KEY"))
+    assert_raise(ArgumentError, /\(given 1, expected 0\)/) {
+      ruby2_keywords_test(*[hash2])
+    }
+  end
+
+  def test_invalid_byte_sequence_symbol
+    data = Marshal.dump(:K)
+    data = data.sub(/:\x06K/, "I\\&\x06:\x0dencoding\"\x0dUTF-16LE")
+    assert_raise(ArgumentError, /UTF-16LE: "\\x4B"/) {
+      Marshal.load(data)
+    }
   end
 
   def exception_test
diff --git a/version.h b/version.h
index 43799945f5..99ed4691ce 100644
--- a/version.h
+++ b/version.h
@@ -12,7 +12,7 @@
 # define RUBY_VERSION_MINOR RUBY_API_VERSION_MINOR
 #define RUBY_VERSION_TEENY 3
 #define RUBY_RELEASE_DATE RUBY_RELEASE_YEAR_STR"-"RUBY_RELEASE_MONTH_STR"-"RUBY_RELEASE_DAY_STR
-#define RUBY_PATCHLEVEL 139
+#define RUBY_PATCHLEVEL 140
 
 #define RUBY_RELEASE_YEAR 2021
 #define RUBY_RELEASE_MONTH 10