From 34a484dabc3825cf03287520171773ccb50000bf Mon Sep 17 00:00:00 2001
From: nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Sun, 12 Aug 2001 09:41:39 +0000
Subject: * string.c (rb_str_cat): fix buffer overflow.

* string.c (rb_str_append): nothing to append actually when `str2'
  is empty.


git-svn-id: http://svn.ruby-lang.org/repos/ruby/trunk@1675 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 string.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'string.c')

diff --git a/string.c b/string.c
index ec1a31362..0faf54a74 100644
--- a/string.c
+++ b/string.c
@@ -534,7 +534,7 @@ rb_str_cat(str, ptr, len)
 	    (FL_TEST(str, STR_NO_ORIG) && !FL_TEST(str, STR_ASSOC))) {
 	    return rb_str_buf_cat(str, ptr, len);
 	}
-	REALLOC_N(RSTRING(str)->ptr, char, RSTRING(str)->len+1);
+	REALLOC_N(RSTRING(str)->ptr, char, RSTRING(str)->len+len+1);
 	if (ptr) {
 	    memcpy(RSTRING(str)->ptr + RSTRING(str)->len, ptr, len);
 	}
@@ -594,8 +594,8 @@ rb_str_append(str, str2)
 
     StringValue(str2);
     rb_str_modify(str);
-    len = RSTRING(str)->len+RSTRING(str2)->len;
-    if (len > 0) {
+    if (RSTRING(str2)->len > 0) {
+	len = RSTRING(str)->len+RSTRING(str2)->len;
 	if (RSTRING(str)->orig == 0 ||
 	    (FL_TEST(str, STR_NO_ORIG) && !FL_TEST(str, STR_ASSOC))) {
 	    rb_str_buf_append(str, str2);
-- 
cgit