From 371a295e190f5b1191400a6ed6944e85ed035598 Mon Sep 17 00:00:00 2001
From: Luke Gruber
Date: Wed, 12 Nov 2025 12:51:47 -0500
Subject: Fix improper termlen fill in `str_duplicate_setup_embed`. When term len != 1 (for example: Encoding::UTF32BE), term fill is wrong size.
---
 string.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/string.c b/string.c
index 5c4e15c4a1..827555d9e0 100644
--- a/string.c
+++ b/string.c
@@ -1935,8 +1935,8 @@ str_duplicate_setup_embed(VALUE klass, VALUE str, VALUE dup)
 long len = RSTRING_LEN(str);
 RUBY_ASSERT(STR_EMBED_P(dup));
- RUBY_ASSERT(str_embed_capa(dup) >= len + 1);
- MEMCPY(RSTRING(dup)->as.embed.ary, RSTRING(str)->as.embed.ary, char, len + 1);
+ RUBY_ASSERT(str_embed_capa(dup) >= len + TERM_LEN(str));
+ MEMCPY(RSTRING(dup)->as.embed.ary, RSTRING(str)->as.embed.ary, char, len + TERM_LEN(str));
 STR_SET_LEN(dup, RSTRING_LEN(str));
 return str_duplicate_setup_encoding(str, dup, flags);
 }
--
cgit v1.2.3
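Review bot: The destination bound for the widened copy is still checked only by `RUBY_ASSERT(str_embed_capa(dup) >= len + TERM_LEN(str))`, which as far as I know is compiled out unless RUBY_DEBUG is enabled, so in a release build the `MEMCPY` of `len + TERM_LEN(str)` bytes relies entirely on the caller having sized `dup` with the same terminator length. The allocation of `dup` is outside this hunk (the function body also starts above it), so it is worth confirming that every caller passes `len + TERM_LEN(str)` rather than `len + 1` as the embed size. Computing the size once, `const long copy_len = len + TERM_LEN(str);`, and using `copy_len` in both the assertion and the `MEMCPY` would keep the check and the copy from drifting apart. The diffstat shows only string.c changed; a regression test that duplicates an embedded UTF-32BE string would pin the multi-byte terminator case.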