3 files changed, 22 insertions, 3 deletions

diff --git a/ChangeLog b/ChangeLog
index 93d58ee69d..f89b836138 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+Sun Dec 13 18:45:12 2015  Nobuyoshi Nakada  <nobu@ruby-lang.org>
+
+	* io.c (parse_mode_enc): fix buffer overflow.
+
 Sun Dec 13 18:35:57 2015  Nobuyoshi Nakada  <nobu@ruby-lang.org>
 
 	* ext/fiddle/function.c (initialize): check all arguments first.
diff --git a/io.c b/io.c
index c8c13f85ea..2fd71e4669 100644
--- a/io.c
+++ b/io.c
@@ -5090,9 +5090,11 @@ parse_mode_enc(const char *estr, rb_encoding **enc_p, rb_encoding **enc2_p, int
 	    fmode |= FMODE_SETENC_BY_BOM;
 	    estr += 4;
             len -= 4;
-	    memcpy(encname, estr, len);
-	    encname[len] = '\0';
-	    estr = encname;
+	    if (len > 0 && len <= ENCODING_MAXNAMELEN) {
+		memcpy(encname, estr, len);
+		encname[len] = '\0';
+		estr = encname;
+	    }
 	}
 	idx = rb_enc_find_index(estr);
     }
diff --git a/test/ruby/test_io_m17n.rb b/test/ruby/test_io_m17n.rb
index ea68219184..63eb4b7d88 100644
--- a/test/ruby/test_io_m17n.rb
+++ b/test/ruby/test_io_m17n.rb
@@ -2082,6 +2082,19 @@ EOT
     }
   end
 
+  def test_bom_too_long_utfname
+    assert_separately([], <<-'end;') # do
+      assert_warn(/Unsupported encoding/) {
+        open(IO::NULL, "r:bom|utf-" + "x" * 10000) {}
+      }
+    end;
+    assert_separately([], <<-'end;') # do
+      assert_warn(/Unsupported encoding/) {
+        open(IO::NULL, encoding: "bom|utf-" + "x" * 10000) {}
+      }
+    end;
+  end
+
   def test_cbuf
     with_tmpdir {
       fn = "tst"