From f46eb05759d8b38a8a25dae39a86a9c8350a220f Mon Sep 17 00:00:00 2001
From: nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Mon, 13 Mar 2017 14:59:08 +0000
Subject: sprintf.c: fix out-of-bound access

* sprintf.c (rb_str_format): get rid of out-of-bound access when
  single % at the end.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57962 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 sprintf.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sprintf.c b/sprintf.c
index 40872c0c16..117c568d78 100644
--- a/sprintf.c
+++ b/sprintf.c
@@ -517,6 +517,7 @@ rb_str_format(int argc, const VALUE *argv, VALUE fmt)
 	VALUE sym = Qnil;
 
 	for (t = p; t < end && *t != '%'; t++) ;
+	if (t + 1 == end) ++t;
 	PUSH(p, t - p);
 	if (coderange != ENC_CODERANGE_BROKEN && scanned < blen) {
 	    scanned += rb_str_coderange_scan_restartable(buf+scanned, buf+blen, enc, &coderange);
-- 
cgit v1.2.3