From ed4aed86fbfdc8133148c6ffa2e03312a601a3cd Mon Sep 17 00:00:00 2001
From: nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Fri, 17 Jun 2016 23:52:48 +0000
Subject: stringio.c: fix index overflow

* ext/stringio/stringio.c (strio_getline): fix pointer index
  overflow.  reported by Guido Vranken <guido AT guidovranken.nl>.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55432 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 test/stringio/test_stringio.rb | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'test/stringio')

diff --git a/test/stringio/test_stringio.rb b/test/stringio/test_stringio.rb
index bf3a9eeb1b..ce84800d4b 100644
--- a/test/stringio/test_stringio.rb
+++ b/test/stringio/test_stringio.rb
@@ -680,4 +680,16 @@ class TestStringIO < Test::Unit::TestCase
       StringIO.new {}
     end
   end
+
+  def test_overflow
+    limit = (1 << (RbConfig::SIZEOF["size_t"]*8-1)) - 0x10
+    assert_separately(%w[-rstringio], "#{<<-"begin;"}\n#{<<-"end;"}")
+    begin;
+      limit = #{limit}
+      x = ("a"*0x100000)
+      s = StringIO.new(x)
+      s.gets("xxx", limit)
+      assert_equal(0x100000, s.pos)
+    end;
+  end
 end
-- 
cgit v1.2.3