From b80ddbf461a9a215513d6bbd78bab7185a927a31 Mon Sep 17 00:00:00 2001
From: nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Thu, 5 Aug 2010 11:00:18 +0000
Subject: * string.c (rb_str_set_len): bail out when buffer overflowed  
 probably.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@28871 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 string.c | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'string.c')

diff --git a/string.c b/string.c
index cb371c2662..0aa2e6c52c 100644
--- a/string.c
+++ b/string.c
@@ -1693,10 +1693,15 @@ rb_str_unlocktmp(VALUE str)
 void
 rb_str_set_len(VALUE str, long len)
 {
+    long capa;
+
     str_modifiable(str);
     if (STR_SHARED_P(str)) {
 	rb_raise(rb_eRuntimeError, "can't set length of shared string");
     }
+    if (len > (capa = (long)rb_str_capacity(str))) {
+	rb_bug("probable buffer overflow: %ld for %ld", len, capa);
+    }
     STR_SET_LEN(str, len);
     RSTRING_PTR(str)[len] = '\0';
 }
-- 
cgit v1.2.3