diff options
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | string.c | 3 |
2 files changed, 7 insertions, 1 deletions
@@ -1,3 +1,8 @@ +Thu Aug 5 12:39:14 2010 Nobuyoshi Nakada <nobu@ruby-lang.org> + + * string.c (str_make_independent_expand): fix buffer overflow + while shrinking. + Thu Aug 5 06:42:31 2010 Tanaka Akira <akr@fsij.org> * file.c (realpath_rec): call rb_str_modify before rb_str_set_len. @@ -1271,8 +1271,9 @@ str_make_independent_expand(VALUE str, long expand) ptr = ALLOC_N(char, len+expand+1); if (RSTRING_PTR(str)) { - memcpy(ptr, RSTRING_PTR(str), len); + memcpy(ptr, RSTRING_PTR(str), expand < 0 ? len + expand : len); } + len += expand; STR_SET_NOEMBED(str); ptr[len] = 0; RSTRING(str)->as.heap.ptr = ptr; |