From ae824807055802a812a23f19cd1a5086223df11d Mon Sep 17 00:00:00 2001
From: nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Thu, 5 Aug 2010 03:39:19 +0000
Subject: * string.c (str_make_independent_expand): fix buffer overflow   while
 shrinking.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@28863 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 string.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'string.c')

diff --git a/string.c b/string.c
index d27c67a948..865de57271 100644
--- a/string.c
+++ b/string.c
@@ -1271,8 +1271,9 @@ str_make_independent_expand(VALUE str, long expand)
 
     ptr = ALLOC_N(char, len+expand+1);
     if (RSTRING_PTR(str)) {
-	memcpy(ptr, RSTRING_PTR(str), len);
+	memcpy(ptr, RSTRING_PTR(str), expand < 0 ? len + expand : len);
     }
+    len += expand;
     STR_SET_NOEMBED(str);
     ptr[len] = 0;
     RSTRING(str)->as.heap.ptr = ptr;
-- 
cgit v1.2.3