From bd17e255889f35d0ae56e5a4d8a375310adb9ee3 Mon Sep 17 00:00:00 2001
From: nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Mon, 13 Mar 2017 11:47:45 +0000
Subject: string.c (rb_str_set_len): pathological check

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57961 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 string.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'string.c')

diff --git a/string.c b/string.c
index ceab6ea42d..6390ec5227 100644
--- a/string.c
+++ b/string.c
@@ -2574,7 +2574,7 @@ rb_str_set_len(VALUE str, long len)
     if (STR_SHARED_P(str)) {
 	rb_raise(rb_eRuntimeError, "can't set length of shared string");
     }
-    if (len > (capa = (long)str_capacity(str, termlen))) {
+    if (len > (capa = (long)str_capacity(str, termlen)) || len < 0) {
 	rb_bug("probable buffer overflow: %ld for %ld", len, capa);
     }
     STR_SET_LEN(str, len);
-- 
cgit v1.2.3