From e043ae73488e7fa623632ddbbbe51c70f1bae565 Mon Sep 17 00:00:00 2001
From: nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Sat, 6 Jan 2018 08:44:17 +0000
Subject: string.c: out-of-bounds access

* string.c (rb_str_enumerate_lines): fix out-of-bounds access when
  record separator is longer than the last element.  [Bug #14257]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61636 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 string.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/string.c b/string.c
index b7ae7069f6..75db0d22e8 100644
--- a/string.c
+++ b/string.c
@@ -8026,7 +8026,8 @@ rb_str_enumerate_lines(int argc, VALUE *argv, VALUE str, VALUE ary)
 	    if (rsnewline) {
 		pend = chomp_newline(subptr, pend, enc);
 	    }
-	    else if (memcmp(pend - rslen, rsptr, rslen) == 0) {
+	    else if (pend - subptr >= rslen &&
+		     memcmp(pend - rslen, rsptr, rslen) == 0) {
 		pend -= rslen;
 	    }
 	}
-- 
cgit v1.2.3