Avoid Heap Overflow in `heredoc_remove_indent`; fix #5316

2 files changed, 4 insertions, 2 deletions

diff --git a/mrbgems/mruby-compiler/core/parse.y b/mrbgems/mruby-compiler/core/parse.y
index 1e949a28a..1a97b3ec6 100644
--- a/mrbgems/mruby-compiler/core/parse.y
+++ b/mrbgems/mruby-compiler/core/parse.y
@@ -4693,7 +4693,8 @@ heredoc_remove_indent(parser_state *p, parser_heredoc_info *hinf)
           escaped = escaped->cdr;
         nspaces = nspaces->cdr;
       }
-      newstr[newlen] = '\0';
+      if (newlen < len)
+        newstr[newlen] = '\0';
       pair->car = (node*)newstr;
       pair->cdr = (node*)newlen;
     } else {
diff --git a/mrbgems/mruby-compiler/core/y.tab.c b/mrbgems/mruby-compiler/core/y.tab.c
index 9a53bf326..6c7940a7b 100644
--- a/mrbgems/mruby-compiler/core/y.tab.c
+++ b/mrbgems/mruby-compiler/core/y.tab.c
@@ -10729,7 +10729,8 @@ heredoc_remove_indent(parser_state *p, parser_heredoc_info *hinf)
           escaped = escaped->cdr;
         nspaces = nspaces->cdr;
       }
-      newstr[newlen] = '\0';
+      if (newlen < len)
+        newstr[newlen] = '\0';
       pair->car = (node*)newstr;
       pair->cdr = (node*)newlen;
     } else {