Fix integer overflow; fix #3473

The fix is suggested by https://hackerone.com/lucnguyen
author: Yukihiro "Matz" Matsumoto <[email protected]> 2017-02-28 09:54:56 +0900
committer: Yukihiro "Matz" Matsumoto <[email protected]> 2017-02-28 09:54:56 +0900
commit: 7db0786abdd243ba031e24683f6140f410b65588 (patch)
tree: 8d11fd945e5d607659cc46b0711ce429a1b48530 /src/string.c
parent: 405f5a2d2ac39cfb9e294aba420fe70d87f15cb1 (diff)
download: mruby-7db0786abdd243ba031e24683f6140f410b65588.tar.gz
mruby-7db0786abdd243ba031e24683f6140f410b65588.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/src/string.c b/src/string.c
index a0d75f544..9efc89b34 100644
--- a/src/string.c
+++ b/src/string.c
@@ -469,7 +469,7 @@ str_substr(mrb_state *mrb, mrb_value str, mrb_int beg, mrb_int len)
     beg += clen;
     if (beg < 0) return mrb_nil_value();
   }
-  if (beg + len > clen)
+  if (len > clen - beg)
     len = clen - beg;
   if (len <= 0) {
     len = 0;
author	Yukihiro "Matz" Matsumoto <[email protected]>	2017-02-28 09:54:56 +0900
committer	Yukihiro "Matz" Matsumoto <[email protected]>	2017-02-28 09:54:56 +0900
commit	7db0786abdd243ba031e24683f6140f410b65588 (patch)
tree	8d11fd945e5d607659cc46b0711ce429a1b48530 /src/string.c
parent	405f5a2d2ac39cfb9e294aba420fe70d87f15cb1 (diff)
download	mruby-7db0786abdd243ba031e24683f6140f410b65588.tar.gz mruby-7db0786abdd243ba031e24683f6140f410b65588.zip