From 1abe5c8d41f66ddc2419b361200d06c8b0d7a31e Mon Sep 17 00:00:00 2001
From: usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Sun, 31 Aug 2014 06:30:50 +0000
Subject: merge revision(s) 46416: [Backport #9942]

	* array.c (rb_ary_permutation): `p` is the array of size `r`, as
	  commented at permute0().  since `n >= r` here, buffer overflow
	  never happened, just reduce unnecessary allocation though.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_0_0@47331 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 array.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'array.c')

diff --git a/array.c b/array.c
index edf40c9ee1..5e95e87685 100644
--- a/array.c
+++ b/array.c
@@ -4660,7 +4660,7 @@ rb_ary_permutation(int argc, VALUE *argv, VALUE ary)
 	}
     }
     else {             /* this is the general case */
-	volatile VALUE t0 = tmpbuf(n,sizeof(long));
+	volatile VALUE t0 = tmpbuf(r,sizeof(long));
 	long *p = (long*)RSTRING_PTR(t0);
 	volatile VALUE t1 = tmpbuf(n,sizeof(char));
 	char *used = (char*)RSTRING_PTR(t1);
-- 
cgit v1.2.3