From 7db0786abdd243ba031e24683f6140f410b65588 Mon Sep 17 00:00:00 2001
From: "Yukihiro \"Matz\" Matsumoto"
Date: Tue, 28 Feb 2017 09:54:56 +0900
Subject: Fix integer overflow; fix #3473 The fix is suggested by https://hackerone.com/lucnguyen
---
 src/string.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/string.c b/src/string.c
index a0d75f544..9efc89b34 100644
--- a/src/string.c
+++ b/src/string.c
@@ -469,7 +469,7 @@ str_substr(mrb_state *mrb, mrb_value str, mrb_int beg, mrb_int len)
 beg += clen;
 if (beg < 0) return mrb_nil_value();
 }
- if (beg + len > clen)
+ if (len > clen - beg)
 len = clen - beg;
 if (len <= 0) {
 len = 0;
--
cgit v1.2.3
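Review bot: The new comparison `len > clen - beg` is overflow-free only while `beg` is non-negative and `clen` is a valid length, and nothing on that line records the invariant. The hunk shows the `beg < 0` rejection just above it, but the block that guard sits in opens outside the hunk, as does the rest of str_substr, so whether every path reaches this line with `beg >= 0` cannot be confirmed from here. I would add a comment on the new line such as `/* beg >= 0 here: compare by subtraction, beg + len can overflow mrb_int (UB) */`, so that a later cleanup does not fold it back into the additive form. The diffstat lists only src/string.c, so a regression test that takes a substring with a length close to the largest mrb_int would be worth adding with this fix.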