2 files changed, 8 insertions, 1 deletions

diff --git a/ChangeLog b/ChangeLog
index c5f660ac18..99544d3d93 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+Thu Apr 18 16:20:21 2013  Nobuyoshi Nakada  <nobu@ruby-lang.org>
+
+	* pack.c (pack_unpack): increase buffer size to fix buffer overflow,
+	  and fix garbages just after unpacking without missing paddings.
+	  [Bug #8286]
+
 Thu Apr 18 13:35:54 2013  NARUSE, Yui  <naruse@ruby-lang.org>
 
 	* pack.c (pack_unpack): output characters even if the input doesn't
diff --git a/pack.c b/pack.c
index e6ea8a93db..1300e43b5d 100644
--- a/pack.c
+++ b/pack.c
@@ -1941,7 +1941,7 @@ pack_unpack(VALUE str, VALUE fmt)
 
 	  case 'm':
 	    {
-		VALUE buf = infected_str_new(0, (send - s + 2)*3/4, str); /* +2 is for skipping paddings */
+		VALUE buf = infected_str_new(0, (send - s + 3)*3/4, str); /* +3 is for skipping paddings */
 		char *ptr = RSTRING_PTR(buf);
 		int a = -1,b = -1,c = 0,d = 0;
 		static signed char b64_xtable[256];
@@ -2004,6 +2004,7 @@ pack_unpack(VALUE str, VALUE fmt)
 			*ptr++ = castchar(a << 2 | b >> 4);
 			*ptr++ = castchar(b << 4 | c >> 2);
 			*ptr++ = castchar(c << 6 | d);
+			a = -1;
 		    }
 		    if (a != -1 && b != -1) {
 			if (c == -1)