Fix heap buffer overflow; ref #4549

This patch is showed in #4549.
author: dearblue <[email protected]> 2019-07-04 21:49:07 +0900
committer: dearblue <[email protected]> 2019-07-04 21:49:07 +0900
commit: 2bb30481b6d6aed0f869dd089a56ebe24e8e2349 (patch)
tree: 6064e25c5d1208a55f16905cd3439c0938aab99c /src/string.c
parent: 93b3b83cc45b60b693223c9e88e71e71f2598480 (diff)
download: mruby-2bb30481b6d6aed0f869dd089a56ebe24e8e2349.tar.gz
mruby-2bb30481b6d6aed0f869dd089a56ebe24e8e2349.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/src/string.c b/src/string.c
index 6938418fb..7a094b3a7 100644
--- a/src/string.c
+++ b/src/string.c
@@ -1184,7 +1184,7 @@ str_replace_partial(mrb_state *mrb, mrb_value src, mrb_int pos, mrb_int end, mrb
 
   mrb_str_modify(mrb, str);
 
-  if (len < newlen || len - newlen >= shrink_threshold) {
+  if (len < newlen) {
     resize_capa(mrb, str, newlen);
   }
 
@@ -1197,6 +1197,10 @@ str_replace_partial(mrb_state *mrb, mrb_value src, mrb_int pos, mrb_int end, mrb
   RSTR_SET_LEN(str, newlen);
   strp[newlen] = '\0';
 
+  if (len - newlen >= shrink_threshold) {
+    resize_capa(mrb, str, newlen);
+  }
+
   return src;
 }
author	dearblue <[email protected]>	2019-07-04 21:49:07 +0900
committer	dearblue <[email protected]>	2019-07-04 21:49:07 +0900
commit	2bb30481b6d6aed0f869dd089a56ebe24e8e2349 (patch)
tree	6064e25c5d1208a55f16905cd3439c0938aab99c /src/string.c
parent	93b3b83cc45b60b693223c9e88e71e71f2598480 (diff)
download	mruby-2bb30481b6d6aed0f869dd089a56ebe24e8e2349.tar.gz mruby-2bb30481b6d6aed0f869dd089a56ebe24e8e2349.zip