From dd64b609a43469b04fc863ee7993ac7744991b2c Mon Sep 17 00:00:00 2001
From: shyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Sun, 15 Jun 2008 13:53:47 +0000
Subject: merge revision(s) 16400: 	* string.c (rb_str_cat): fixed buffer
 overrun reported by 	  Christopher Thompson <cthompson at nexopia.com> in
 [ruby-core:16746]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@17298 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 string.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'string.c')

diff --git a/string.c b/string.c
index d27b5b4ff6..08213fad2b 100644
--- a/string.c
+++ b/string.c
@@ -747,7 +747,7 @@ rb_str_cat(str, ptr, len)
     }
     if (FL_TEST(str, STR_ASSOC)) {
 	rb_str_modify(str);
-	REALLOC_N(RSTRING(str)->ptr, char, RSTRING(str)->len+len);
+	REALLOC_N(RSTRING(str)->ptr, char, RSTRING(str)->len+len+1);
 	memcpy(RSTRING(str)->ptr + RSTRING(str)->len, ptr, len);
 	RSTRING(str)->len += len;
 	RSTRING(str)->ptr[RSTRING(str)->len] = '\0'; /* sentinel */
-- 
cgit v1.2.3