From b5fdd1bd76873fb0dbda439fdbaec2589b3c5e19 Mon Sep 17 00:00:00 2001
From: akr <akr@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Sat, 2 Feb 2008 00:32:40 +0000
Subject: * random.c (limited_big_rand): fix buffer overflow when
 SIZEOF_BDIGITS   is 2.  fixed by Kenta Murata.  [ruby-dev:33565]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@15365 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 random.c | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

(limited to 'random.c')

diff --git a/random.c b/random.c
index 9bcc3b9e28..6d20190404 100644
--- a/random.c
+++ b/random.c
@@ -385,12 +385,16 @@ limited_big_rand(struct RBignum *limit)
     val = (struct RBignum *)rb_big_clone((VALUE)limit);
     RBIGNUM_SET_SIGN(val, 1);
 #if SIZEOF_BDIGITS == 2
-# define BIG_GET32(big,i) (RBIGNUM_DIGITS(big)[(i)*2] | \
-                           ((i)*2+1 < RBIGNUM_DIGITS(big) ? (RBIGNUM_DIGITS(big)[(i)*2+1] << 16) \
-                                                 : 0))
-# define BIG_SET32(big,i,d) ((RBIGNUM_DIGITS(big)[(i)*2] = (d) & 0xffff), \
-                             ((i)*2+1 < RBIGNUM_DIGITS(big) ? (RBIGNUM_DIGITS(big)[(i)*2+1] = (d) >> 16) \
-                                                   : 0))
+# define BIG_GET32(big,i) \
+    (RBIGNUM_DIGITS(big)[(i)*2] | \
+     ((i)*2+1 < RBIGNUM_LEN(big) ? \
+      (RBIGNUM_DIGITS(big)[(i)*2+1] << 16) : \
+      0))
+# define BIG_SET32(big,i,d) \
+    ((RBIGNUM_DIGITS(big)[(i)*2] = (d) & 0xffff), \
+     ((i)*2+1 < RBIGNUM_LEN(big) ? \
+      (RBIGNUM_DIGITS(big)[(i)*2+1] = (d) >> 16) : \
+      0))
 #else
     /* SIZEOF_BDIGITS == 4 */
 # define BIG_GET32(big,i) (RBIGNUM_DIGITS(big)[i])
-- 
cgit v1.2.3