summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog5
-rw-r--r--array.c4
-rw-r--r--version.h2
3 files changed, 8 insertions, 3 deletions
diff --git a/ChangeLog b/ChangeLog
index 1de5184..555239d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+Sun Jun 29 18:22:52 2008 Nobuyoshi Nakada <nobu@ruby-lang.org>
+
+ * array.c (rb_ary_fill): not depend on unspecified behavior at integer
+ overflow. reported by Vincenzo Iozzo <snagg AT openssl.it>.
+
Sun Jun 29 18:22:06 2008 Masaki Suketa <masaki.suketa@nifty.ne.jp>
* ext/win32ole/win32ole.c(ole_invoke): fix memory leak.
diff --git a/array.c b/array.c
index 9814722..f4ed6e6 100644
--- a/array.c
+++ b/array.c
@@ -2416,10 +2416,10 @@ rb_ary_fill(argc, argv, ary)
break;
}
rb_ary_modify(ary);
- end = beg + len;
- if (end < 0) {
+ if (len > ARY_MAX_SIZE - beg) {
rb_raise(rb_eArgError, "argument too big");
}
+ end = beg + len;
if (end > RARRAY(ary)->len) {
if (end >= RARRAY(ary)->aux.capa) {
REALLOC_N(RARRAY(ary)->ptr, VALUE, end);
diff --git a/version.h b/version.h
index aee8451..6c37e10 100644
--- a/version.h
+++ b/version.h
@@ -2,7 +2,7 @@
#define RUBY_RELEASE_DATE "2008-06-29"
#define RUBY_VERSION_CODE 187
#define RUBY_RELEASE_CODE 20080629
-#define RUBY_PATCHLEVEL 30
+#define RUBY_PATCHLEVEL 31
#define RUBY_VERSION_MAJOR 1
#define RUBY_VERSION_MINOR 8