From c43dd75ea9e2b2f3387e40617d4f4cd86d3841dc Mon Sep 17 00:00:00 2001
From: "Yukihiro \"Matz\" Matsumoto"
Date: Wed, 3 Feb 2021 13:04:32 +0900
Subject: Avoid Heap Overflow in `heredoc_remove_indent`; fix #5316
---
 mrbgems/mruby-compiler/core/parse.y | 3 ++-
 mrbgems/mruby-compiler/core/y.tab.c | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/mrbgems/mruby-compiler/core/parse.y b/mrbgems/mruby-compiler/core/parse.y
index 1e949a28a..1a97b3ec6 100644
--- a/mrbgems/mruby-compiler/core/parse.y
+++ b/mrbgems/mruby-compiler/core/parse.y
@@ -4693,7 +4693,8 @@ heredoc_remove_indent(parser_state *p, parser_heredoc_info *hinf)
 escaped = escaped->cdr;
 nspaces = nspaces->cdr;
 }
- newstr[newlen] = '\0';
+ if (newlen < len)
+ newstr[newlen] = '\0';
 pair->car = (node*)newstr;
 pair->cdr = (node*)newlen;
 } else {
diff --git a/mrbgems/mruby-compiler/core/y.tab.c b/mrbgems/mruby-compiler/core/y.tab.c
index 9a53bf326..6c7940a7b 100644
--- a/mrbgems/mruby-compiler/core/y.tab.c
+++ b/mrbgems/mruby-compiler/core/y.tab.c
@@ -10729,7 +10729,8 @@ heredoc_remove_indent(parser_state *p, parser_heredoc_info *hinf)
 escaped = escaped->cdr;
 nspaces = nspaces->cdr;
 }
- newstr[newlen] = '\0';
+ if (newlen < len)
+ newstr[newlen] = '\0';
 pair->car = (node*)newstr;
 pair->cdr = (node*)newlen;
 } else {
-- cgit v1.2.3
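Review bot: In the parse.y hunk, the new guard `if (newlen < len)` only skips the out-of-bounds terminator write; when `newlen >= len` the buffer is left without a NUL, yet `pair->car`/`pair->cdr` are still stored as if the string were well-formed. The allocation of `newstr` and the copy loop that advances `newlen` are outside the hunk, so this cannot be confirmed from here, but if `newlen` can exceed `len`, that loop has presumably already written past the buffer before this check runs, and the loop itself needs bounding. If `newlen == len` is the only reachable case, sizing the buffer for `len + 1` bytes at the allocation site would let the terminator always be written and make the guard unnecessary. At minimum, add a comment above the check such as `/* newstr holds len bytes; when newlen == len there is no room for a terminator and consumers must use the length in pair->cdr */`, and brace the single-statement `if`. The y.tab.c hunk is the generated copy of the same change.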