From 729d602e290a3d986c8fc3d178cf1e56f93a88a4 Mon Sep 17 00:00:00 2001
From: Peter Zhu <peter@peterzhu.ca>
Date: Wed, 10 Sep 2025 14:39:52 -0400
Subject: Assert that RARRAY_AREF is within bounds

We should assert that i is within bounds to prevent buffer overflows.
---
 internal/array.h | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/internal/array.h b/internal/array.h
index 398676df4a..3a689646fb 100644
--- a/internal/array.h
+++ b/internal/array.h
@@ -140,6 +140,8 @@ RARRAY_AREF(VALUE ary, long i)
     VALUE val;
     RBIMPL_ASSERT_TYPE(ary, RUBY_T_ARRAY);
 
+    RUBY_ASSERT(i < RARRAY_LEN(ary));
+
     RBIMPL_WARNING_PUSH();
 #if defined(__GNUC__) && !defined(__clang__) && __GNUC__ == 13
     RBIMPL_WARNING_IGNORED(-Warray-bounds);
-- 
cgit v1.2.3