From be3baa4380dcc452299af0a9d26e08e3df56110d Mon Sep 17 00:00:00 2001
From: rhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Tue, 13 Sep 2016 07:08:15 +0000
Subject: string.c: fix buffer overflow check condition in rb_str_set_len()

* string.c (rb_str_set_len): The buffer overflow check is wrong. The
  space for termlen is allocated outside the capacity returned by
  rb_str_capacity(). This fixes r41920 ("string.c: multi-byte
  terminator", 2013-07-11).  [ruby-core:77257] [Bug #12757]

* test/-ext-/string/test_set_len.rb (test_capacity_equals_to_new_size):
  Test for this change. Applying only the test will trigger [BUG].

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56148 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 test/-ext-/string/test_set_len.rb | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'test/-ext-/string')

diff --git a/test/-ext-/string/test_set_len.rb b/test/-ext-/string/test_set_len.rb
index 1c5252a5f6..58f51012fb 100644
--- a/test/-ext-/string/test_set_len.rb
+++ b/test/-ext-/string/test_set_len.rb
@@ -23,4 +23,13 @@ class Test_StrSetLen < Test::Unit::TestCase
       assert_equal("abc", @s1.set_len(3))
     }
   end
+
+  def test_capacity_equals_to_new_size
+    bug12757 = "[ruby-core:77257] [Bug #12757]"
+    # fill to ensure capacity does not decrease with force_encoding
+    str = Bug::String.new("\x00" * 128, capacity: 128)
+    str.force_encoding("UTF-32BE")
+    assert_equal 128, Bug::String.capacity(str)
+    assert_equal 127, str.set_len(127).bytesize, bug12757
+  end
 end
-- 
cgit v1.2.3