From 855e79f3de9dea98f9484181c9ffe47dbcba2807 Mon Sep 17 00:00:00 2001
From: shyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Fri, 20 Jun 2008 07:38:15 +0000
Subject: merge revision(s) 17470:17472: 	* array.c (rb_ary_store,
 rb_ary_splice): not depend on unspecified 	  behavior at integer
 overflow. 	* string.c (str_buf_cat): ditto.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_7@17480 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 array.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'array.c')

diff --git a/array.c b/array.c
index fda2c24fef..9814722382 100644
--- a/array.c
+++ b/array.c
@@ -391,7 +391,7 @@ rb_ary_store(ary, idx, val)
 	if (new_capa < ARY_DEFAULT_SIZE) {
 	    new_capa = ARY_DEFAULT_SIZE;
 	}
-	else if (new_capa >= ARY_MAX_SIZE - idx) {
+	if (new_capa >= ARY_MAX_SIZE - idx) {
 	    new_capa = (ARY_MAX_SIZE - idx) / 2;
 	}
 	new_capa += idx;
@@ -1094,10 +1094,10 @@ rb_ary_splice(ary, beg, len, rpl)
     rb_ary_modify(ary);
 
     if (beg >= RARRAY(ary)->len) {
-	len = beg + rlen;
-	if (len < 0 || len > ARY_MAX_SIZE) {
+	if (beg > ARY_MAX_SIZE - rlen) {
 	    rb_raise(rb_eIndexError, "index %ld too big", beg);
 	}
+	len = beg + rlen;
 	if (len >= RARRAY(ary)->aux.capa) {
 	    REALLOC_N(RARRAY(ary)->ptr, VALUE, len);
 	    RARRAY(ary)->aux.capa = len;
-- 
cgit v1.2.3