From e0b8876640592400bb0160be2f63e6b54c0ce3cc Mon Sep 17 00:00:00 2001
From: "Yukihiro \"Matz\" Matsumoto"
Date: Thu, 26 Nov 2020 20:45:06 +0900
Subject: Avoid integer overflow in `rational_new`.
---
 mrbgems/mruby-rational/src/rational.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/mrbgems/mruby-rational/src/rational.c b/mrbgems/mruby-rational/src/rational.c
index 85b1dff07..23d70fc04 100644
--- a/mrbgems/mruby-rational/src/rational.c
+++ b/mrbgems/mruby-rational/src/rational.c
@@ -77,6 +77,9 @@ rational_new(mrb_state *mrb, mrb_int numerator, mrb_int denominator)
 struct mrb_rational *p;
 struct RBasic *rat = rational_alloc(mrb, c, &p);
 if (denominator < 0) {
+ if (numerator == MRB_INT_MIN || denominator == MRB_INT_MIN) {
+ mrb_raise(mrb, E_RANGE_ERROR, "integer overflow in rational");
+ }
 numerator *= -1;
 denominator *= -1;
 }
@@ -115,6 +118,9 @@ rational_new_f(mrb_state *mrb, mrb_float f0)
 if (f < 0) { neg = 1; f = -f; }
 while (f != floor(f)) { n <<= 1; f *= 2; }
+ if (!TYPED_FIXABLE(f, rat_float)) {
+ mrb_raise(mrb, E_RANGE_ERROR, "integer overflow in rational");
+ }
 d = (mrb_int)f;
 /* continued fraction and check denominator each step */
-- cgit v1.2.3
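Review bot: In the first hunk (`rational_new`), the new range check runs only after `rational_alloc(mrb, c, &p)` has already created the object, so the overflow path allocates a rational and then abandons it when `mrb_raise` unwinds. Presumably the GC reclaims it, but doing the sign normalization and this check on `numerator`/`denominator` before the allocation would keep the error path free of side effects. A one-line comment on the guard such as `/* -MRB_INT_MIN is not representable in mrb_int, so the negation below would overflow */` would also make clear why both operands are tested. The function begins and ends outside the hunk.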
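Review bot: In the second hunk (`rational_new_f`), the added `TYPED_FIXABLE(f, rat_float)` test covers only `f`; the context loop `while (f != floor(f)) { n <<= 1; f *= 2; }` still shifts `n` once per iteration with no bound, so a small-magnitude float with a large negative exponent can push `n` past its width before the check is reached. If `n` is an `mrb_int` (its declaration is outside the hunk), that is a signed-shift overflow; a guard inside the loop such as `if (n > (MRB_INT_MAX >> 1)) mrb_raise(mrb, E_RANGE_ERROR, "integer overflow in rational");` placed before `n <<= 1` would close it. It is also worth confirming that NaN is rejected before this point, since `f != floor(f)` stays true for NaN and the loop would not terminate.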