From 937319126af801016d410226eb0cefc2c0b5ed32 Mon Sep 17 00:00:00 2001
From: nagachika <nagachika@ruby-lang.org>
Date: Sat, 30 Nov 2024 18:34:32 +0900
Subject: merge revision(s) 02b70256b5171d4b85ea7eeab836d3d7cfb3dbfc,
 6b4f8945d600168bf530d21395da8293fbd5e8ba: [Backport #20909]

	Check negative integer underflow

	Many of Oniguruma functions need valid encoding strings
---
 string.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'string.c')

diff --git a/string.c b/string.c
index 40b46eee57..a32b545642 100644
--- a/string.c
+++ b/string.c
@@ -2835,11 +2835,12 @@ rb_str_subpos(VALUE str, long beg, long *lenp)
 {
     long len = *lenp;
     long slen = -1L;
-    long blen = RSTRING_LEN(str);
+    const long blen = RSTRING_LEN(str);
     rb_encoding *enc = STR_ENC_GET(str);
     char *p, *s = RSTRING_PTR(str), *e = s + blen;
 
     if (len < 0) return 0;
+    if (beg < 0 && -beg < 0) return 0;
     if (!blen) {
         len = 0;
     }
@@ -2857,7 +2858,8 @@ rb_str_subpos(VALUE str, long beg, long *lenp)
     }
     if (beg < 0) {
         if (len > -beg) len = -beg;
-        if (-beg * rb_enc_mbmaxlen(enc) < RSTRING_LEN(str) / 8) {
+        if ((ENC_CODERANGE(str) == ENC_CODERANGE_VALID) &&
+            (-beg * rb_enc_mbmaxlen(enc) < blen / 8)) {
             beg = -beg;
             while (beg-- > len && (e = rb_enc_prev_char(s, e, e, enc)) != 0);
             p = e;
@@ -2875,7 +2877,7 @@ rb_str_subpos(VALUE str, long beg, long *lenp)
             if (len == 0) goto end;
         }
     }
-    else if (beg > 0 && beg > RSTRING_LEN(str)) {
+    else if (beg > 0 && beg > blen) {
         return 0;
     }
     if (len == 0) {
-- 
cgit v1.2.3