diff options
author | nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2008-06-25 06:28:53 +0000 |
---|---|---|
committer | nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2008-06-25 06:28:53 +0000 |
commit | bdbedc4d4198091cdf6e2de8f7a5666dbc62cd38 (patch) | |
tree | ecadf10a491898b742932bc0d4a222a2897bc797 /array.c | |
parent | c6cb78def2ffd07a15854a66128c4d9910f014ac (diff) | |
download | ruby-bdbedc4d4198091cdf6e2de8f7a5666dbc62cd38.tar.gz ruby-bdbedc4d4198091cdf6e2de8f7a5666dbc62cd38.tar.xz ruby-bdbedc4d4198091cdf6e2de8f7a5666dbc62cd38.zip |
* array.c (rb_ary_fill): not depend on unspecified behavior at integer
overflow. reported by Vincenzo Iozzo <snagg AT openssl.it>.
git-svn-id: http://svn.ruby-lang.org/repos/ruby/trunk@17570 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'array.c')
-rw-r--r-- | array.c | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -2145,10 +2145,10 @@ rb_ary_fill(int argc, VALUE *argv, VALUE ary) break; } rb_ary_modify(ary); - end = beg + len; - if (end < 0) { + if (len > ARY_MAX_SIZE - beg) { rb_raise(rb_eArgError, "argument too big"); } + end = beg + len; if (RARRAY_LEN(ary) < end) { if (end >= ARY_CAPA(ary)) { RESIZE_CAPA(ary, end); |