2 files changed, 10 insertions, 2 deletions

diff --git a/ChangeLog b/ChangeLog
index ce29a6b0da..bc1a24b391 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,14 @@ Mon Apr 14 12:52:25 2008  Nobuyoshi Nakada  <nobu@ruby-lang.org>
 
 	* gc.c (finalizers): removed.  [ruby-dev:34349]
 
+Mon Apr 14 11:30:07 2008  Yukihiro Matsumoto  <matz@ruby-lang.org>
+
+	* array.c (ary_new): new integer overflow check condition.
+	  suggested by TOYOFUKU Chikanobu <nobu_toyofuku at nifty.com> in
+	  [ruby-dev:34156].
+
+	* array.c (rb_ary_initialize): ditto.
+
 Mon Apr 14 00:51:40 2008  Yusuke Endoh  <mame@tsg.ne.jp>
 
 	* test/ruby/test_parse.rb: add tests to achieve over 95% test coverage
diff --git a/array.c b/array.c
index 8ccbd97ff1..edbc35d4b0 100644
--- a/array.c
+++ b/array.c
@@ -114,7 +114,7 @@ ary_new(VALUE klass, long len)
     if (len < 0) {
 	rb_raise(rb_eArgError, "negative array size (or size too big)");
     }
-    if (len > 0 && len * (long)sizeof(VALUE) <= len) {
+    if (len > LONG_MAX / sizeof(VALUE)) {
 	rb_raise(rb_eArgError, "array size too big");
     }
     ary = ary_alloc(klass);
@@ -313,7 +313,7 @@ rb_ary_initialize(int argc, VALUE *argv, VALUE ary)
     if (len < 0) {
 	rb_raise(rb_eArgError, "negative array size");
     }
-    if (len > 0 && len * (long)sizeof(VALUE) <= len) {
+    if (len > LONG_MAX / sizeof(VALUE)) {
 	rb_raise(rb_eArgError, "array size too big");
     }
     rb_ary_modify(ary);