From e112c4628168a8ac1069e38b02ceec15b6ab277c Mon Sep 17 00:00:00 2001
From: "Yukihiro \"Matz\" Matsumoto" <matz@ruby.or.jp>
Date: Sun, 6 Jun 2021 08:01:58 +0900
Subject: pack.c: check overflow before calling `pack_x`.

---
 mrbgems/mruby-pack/src/pack.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'mrbgems/mruby-pack')

diff --git a/mrbgems/mruby-pack/src/pack.c b/mrbgems/mruby-pack/src/pack.c
index 17009ee6a..6da0a2c67 100644
--- a/mrbgems/mruby-pack/src/pack.c
+++ b/mrbgems/mruby-pack/src/pack.c
@@ -1191,8 +1191,8 @@ mrb_pack_pack(mrb_state *mrb, mrb_value ary)
     if (dir == PACK_DIR_INVALID)
       continue;
     else if (dir == PACK_DIR_NUL) {
+      if (count > 0 && ridx > INT_MAX - count) goto overflow;
       ridx += pack_x(mrb, mrb_nil_value(), result, ridx, count, flags);
-      if (ridx < 0) goto overflow;
       continue;
     }
 
-- 
cgit v1.2.3