From e6f1557562c3e10586fe25a8e430ad44f461a58e Mon Sep 17 00:00:00 2001
From: nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Fri, 13 Jun 2014 04:43:57 +0000
Subject: array.c: fix array size

* array.c (rb_ary_permutation): `p` is the array of size `r`, as
  commented at permute0().  since `n >= r` here, buffer overflow
  never happened, just reduce unnecessary allocation though.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@46416 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 array.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'array.c')

diff --git a/array.c b/array.c
index 3f5605526e..e8c7fc9627 100644
--- a/array.c
+++ b/array.c
@@ -4858,7 +4858,7 @@ rb_ary_permutation(int argc, VALUE *argv, VALUE ary)
 	}
     }
     else {             /* this is the general case */
-	volatile VALUE t0 = tmpbuf(n,sizeof(long));
+	volatile VALUE t0 = tmpbuf(r,sizeof(long));
 	long *p = (long*)RSTRING_PTR(t0);
 	volatile VALUE t1 = tmpbuf(n,sizeof(char));
 	char *used = (char*)RSTRING_PTR(t1);
-- 
cgit v1.2.3