From d518294f2076f3a2cb52996d7fc62aef7b56658e Mon Sep 17 00:00:00 2001
From: "Yukihiro \"Matz\" Matsumoto" <matz@ruby.or.jp>
Date: Sun, 6 Jun 2021 08:01:01 +0900
Subject: pack.c: check overflow before reading count.

---
 mrbgems/mruby-pack/src/pack.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'mrbgems/mruby-pack')

diff --git a/mrbgems/mruby-pack/src/pack.c b/mrbgems/mruby-pack/src/pack.c
index 987385889..17009ee6a 100644
--- a/mrbgems/mruby-pack/src/pack.c
+++ b/mrbgems/mruby-pack/src/pack.c
@@ -1131,10 +1131,10 @@ alias:
     if (ISDIGIT(ch)) {
       count = ch - '0';
       while (tmpl->idx < tlen && ISDIGIT(tptr[tmpl->idx])) {
-        ch = tptr[tmpl->idx++] - '0';
         if (count+10 > INT_MAX/10) {
           mrb_raise(mrb, E_RUNTIME_ERROR, "too big template length");
         }
+        ch = tptr[tmpl->idx++] - '0';
         count = count * 10 + ch;
       }
       continue;  /* special case */
-- 
cgit v1.2.3