From 7abafeb92d9ec90f152be98e2cc89981c337d4da Mon Sep 17 00:00:00 2001
From: usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Wed, 16 Dec 2015 07:14:32 +0000
Subject: merge revision(s) 53083: [Backport #11823]

	* io.c (parse_mode_enc): fix buffer overflow.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_1@53148 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 io.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'io.c')

diff --git a/io.c b/io.c
index bf859578cc..086fc358e3 100644
--- a/io.c
+++ b/io.c
@@ -5059,9 +5059,11 @@ parse_mode_enc(const char *estr, rb_encoding **enc_p, rb_encoding **enc2_p, int
 	    fmode |= FMODE_SETENC_BY_BOM;
 	    estr += 4;
             len -= 4;
-	    memcpy(encname, estr, len);
-	    encname[len] = '\0';
-	    estr = encname;
+	    if (len > 0 && len <= ENCODING_MAXNAMELEN) {
+		memcpy(encname, estr, len);
+		encname[len] = '\0';
+		estr = encname;
+	    }
 	}
 	idx = rb_enc_find_index(estr);
     }
-- 
cgit v1.2.3