From 2b6e1545e87510cb500f57376ef30c9fdd594591 Mon Sep 17 00:00:00 2001
From: nobu
Date: Thu, 7 Apr 2016 02:24:16 +0000
Subject: tkutil.c: fix overrun

* ext/tk/tkutil/tkutil.c (cbsubst_initialize): fix out-of-bound access when no arguments given. `p Tk::Event.new` crashed.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54509 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 ChangeLog | 5 +++++
 ext/tk/tkutil/tkutil.c | 12 +++++++-----
 2 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 80103d9928..81b1421458 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+Thu Apr 7 11:24:14 2016 Nobuyoshi Nakada
+
+ * ext/tk/tkutil/tkutil.c (cbsubst_initialize): fix out-of-bound
+ access when no arguments given. `p Tk::Event.new` crashed.
+
 Fri Apr 1 01:26:00 2016 Benoit Daloze
 * ext/coverage/coverage.c: Fully reset coverage to not persist global state.
diff --git a/ext/tk/tkutil/tkutil.c b/ext/tk/tkutil/tkutil.c
index 147dfa23d1..3b1d3c5ecf 100644
--- a/ext/tk/tkutil/tkutil.c
+++ b/ext/tk/tkutil/tkutil.c
@@ -1284,11 +1284,13 @@ cbsubst_initialize(argc, argv, self)
 inf = cbsubst_get_ptr(rb_obj_class(self));
- idx = 0;
- for(iv_idx = 0; iv_idx < CBSUBST_TBL_MAX; iv_idx++) {
- if ( inf->ivar[iv_idx] == (ID) 0 ) continue;
- rb_ivar_set(self, inf->ivar[iv_idx], argv[idx++]);
- if (idx >= argc) break;
+ if (argc > 0) {
+ idx = 0;
+ for (iv_idx = 0; iv_idx < CBSUBST_TBL_MAX; iv_idx++) {
+ if (inf->ivar[iv_idx] == (ID)0) continue;
+ rb_ivar_set(self, inf->ivar[iv_idx], argv[idx++]);
+ if (idx >= argc) break;
+ }
 }
 return self;
-- cgit v1.2.3
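Review bot: In the tkutil.c hunk the bound on `argv` is still tested only after the read in `rb_ivar_set(self, inf->ivar[iv_idx], argv[idx++]);`, so the loop is safe only through the combination of the new outer `if (argc > 0)` and the trailing `if (idx >= argc) break;`. Testing before each use would state the invariant in one place and make both of those unnecessary: keep `idx = 0;` and write the loop header as `for (iv_idx = 0; idx < argc && iv_idx < CBSUBST_TBL_MAX; iv_idx++) {`. No regression test for the argument-less `Tk::Event.new` case is visible in this patch; one would pin the fix. The body of cbsubst_initialize starts and ends outside the hunk.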