From 2bb30481b6d6aed0f869dd089a56ebe24e8e2349 Mon Sep 17 00:00:00 2001
From: dearblue <dearblue@users.noreply.github.com>
Date: Thu, 4 Jul 2019 21:49:07 +0900
Subject: Fix heap buffer overflow; ref #4549

This patch is showed in #4549.
---
 src/string.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/string.c b/src/string.c
index 6938418fb..7a094b3a7 100644
--- a/src/string.c
+++ b/src/string.c
@@ -1184,7 +1184,7 @@ str_replace_partial(mrb_state *mrb, mrb_value src, mrb_int pos, mrb_int end, mrb
 
   mrb_str_modify(mrb, str);
 
-  if (len < newlen || len - newlen >= shrink_threshold) {
+  if (len < newlen) {
     resize_capa(mrb, str, newlen);
   }
 
@@ -1197,6 +1197,10 @@ str_replace_partial(mrb_state *mrb, mrb_value src, mrb_int pos, mrb_int end, mrb
   RSTR_SET_LEN(str, newlen);
   strp[newlen] = '\0';
 
+  if (len - newlen >= shrink_threshold) {
+    resize_capa(mrb, str, newlen);
+  }
+
   return src;
 }
 
-- 
cgit v1.2.3