From a9bd53085a928026806bf8af244532bfb6dd742f Mon Sep 17 00:00:00 2001 From: naruse Date: Sun, 12 Mar 2017 16:51:47 +0000 Subject: merge revision(s) 57797,57799,57800: [Backport #13289] string.c: fix integer overflow * string.c (rb_str_subpos): fix integer overflow which can happen only when SHARABLE_MIDDLE_SUBSTRING is enabled. incorpolate https://github.com/mruby/mruby/commit/7db0786abdd243ba031e24683f string.c: fix integer overflow * string.c (str_byte_substr): fix another integer overflow which can happen only when SHARABLE_MIDDLE_SUBSTRING is enabled. [ruby-core:79951] [Bug #13289] string.c: negation of LONG_MIN * string.c (rb_str_update): do not use negation of LONG_MIN, which is negative too. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@57931 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- string.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'string.c') diff --git a/string.c b/string.c index 6f1c8c4446..312d82042e 100644 --- a/string.c +++ b/string.c @@ -2316,7 +2316,7 @@ rb_str_subpos(VALUE str, long beg, long *lenp) beg += blen; if (beg < 0) return 0; } - if (beg + len > blen) + if (len > blen - beg) len = blen - beg; if (len < 0) return 0; p = s + beg; @@ -4365,12 +4365,14 @@ rb_str_update(VALUE str, long beg, long len, VALUE val) rb_raise(rb_eIndexError, "index %ld out of string", beg); } if (beg < 0) { - if (-beg > slen) { + if (beg + slen < 0) { goto out_of_range; } beg += slen; } - if (slen < len || slen < beg + len) { + assert(beg >= 0); + assert(beg <= slen); + if (len > slen - beg) { len = slen - beg; } str_modify_keep_cr(str); @@ -5184,7 +5186,7 @@ str_byte_substr(VALUE str, long beg, long len, int empty) beg += n; if (beg < 0) return Qnil; } - if (beg + len > n) + if (len > n - beg) len = n - beg; if (len <= 0) { if (!empty) return Qnil; -- cgit v1.2.3