From e6e66094f983021a2de3241cc7d6f6f14ed11711 Mon Sep 17 00:00:00 2001
From: rhe
Date: Mon, 26 Sep 2016 07:24:55 +0000
Subject: stringio.c: fix signed integer overflow

* ext/stringio/stringio.c (strio_seek): Avoid signed integer overflow. It's not harmful in practice here, but is still undefined behavior.
* ext/stringio/stringio.c (strio_extend): Check that the new length does not exceed LONG_MAX. This fixes the invalid write on the overflow.
* test/stringio/test_stringio.rb (test_write_integer_overflow): Add a test case for the above fix in strio_extend().

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56253 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 test/stringio/test_stringio.rb | 9 +++++++++
 1 file changed, 9 insertions(+)
(limited to 'test/stringio')
diff --git a/test/stringio/test_stringio.rb b/test/stringio/test_stringio.rb
index a3f6dfc3e8..a900362157 100644
--- a/test/stringio/test_stringio.rb
+++ b/test/stringio/test_stringio.rb
@@ -160,6 +160,15 @@ class TestStringIO < Test::Unit::TestCase
 assert_equal(Encoding::UTF_8, s.encoding, "honor the original encoding over ASCII-8BIT")
 end

+ def test_write_integer_overflow
+ long_max = (1 << (RbConfig::SIZEOF["long"] * 8 - 1)) - 1
+ f = StringIO.new
+ f.pos = long_max
+ assert_raise(ArgumentError) {
+ f.write("pos + len overflows")
+ }
+ end
+
 def test_set_encoding
 bug10285 = '[ruby-core:65240] [Bug #10285]'
 f = StringIO.new()
--
cgit v1.2.3
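Review bot: test_write_integer_overflow asserts only that the write raises ArgumentError; because the strio_extend fix concerns an invalid write, the test would pin more of it by also checking that the rejected call left the buffer untouched, e.g. `assert_equal("", f.string)` after the `assert_raise` block. `RbConfig::SIZEOF` is defined by `rbconfig/sizeof`, and this patch adds no `require` for it, so unless the file or the test harness already loads it (not visible here) the method would stop at the constant lookup before reaching `f.write`. The strio_seek change named in the commit message has no test in this view, which is limited to test/stringio. The enclosing class TestStringIO starts and ends outside the hunk.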