From 2f1425414226f4ff6698de99b0d1b743368cdb39 Mon Sep 17 00:00:00 2001
From: "Yukihiro \"Matz\" Matsumoto" <matz@ruby.or.jp>
Date: Thu, 16 May 2019 10:13:52 +0900
Subject: Avoid potential integer overflow.

---
 mrbgems/mruby-pack/src/pack.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'mrbgems/mruby-pack')

diff --git a/mrbgems/mruby-pack/src/pack.c b/mrbgems/mruby-pack/src/pack.c
index ac29fdbf3..0c4f0d965 100644
--- a/mrbgems/mruby-pack/src/pack.c
+++ b/mrbgems/mruby-pack/src/pack.c
@@ -1075,10 +1075,11 @@ alias:
     if (ISDIGIT(ch)) {
       count = ch - '0';
       while (tmpl->idx < tlen && ISDIGIT(tptr[tmpl->idx])) {
-        count = count * 10 + (tptr[tmpl->idx++] - '0');
-        if (count < 0) {
+        int ch = tptr[tmpl->idx++] - '0';
+        if (count+ch > INT_MAX/10) {
           mrb_raise(mrb, E_RUNTIME_ERROR, "too big template length");
         }
+        count = count * 10 + ch;
       }
       continue;  /* special case */
     } else if (ch == '*')  {
-- 
cgit v1.2.3