From ce6f0e36a3107e4d78f8b508581cebbc9c8dd0f7 Mon Sep 17 00:00:00 2001
From: nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Sun, 13 Dec 2015 09:45:12 +0000
Subject: io.c: fix stack smashing

* io.c (parse_mode_enc): fix buffer overflow.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53083 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 io.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'io.c')

diff --git a/io.c b/io.c
index c8c13f85ea..2fd71e4669 100644
--- a/io.c
+++ b/io.c
@@ -5090,9 +5090,11 @@ parse_mode_enc(const char *estr, rb_encoding **enc_p, rb_encoding **enc2_p, int
 	    fmode |= FMODE_SETENC_BY_BOM;
 	    estr += 4;
             len -= 4;
-	    memcpy(encname, estr, len);
-	    encname[len] = '\0';
-	    estr = encname;
+	    if (len > 0 && len <= ENCODING_MAXNAMELEN) {
+		memcpy(encname, estr, len);
+		encname[len] = '\0';
+		estr = encname;
+	    }
 	}
 	idx = rb_enc_find_index(estr);
     }
-- 
cgit v1.2.3