From e5e7bd29efd49c4c207da2985610c9ad878d40b0 Mon Sep 17 00:00:00 2001
From: "Yukihiro \"Matz\" Matsumoto" <matz@ruby.or.jp>
Date: Tue, 14 Sep 2021 14:09:13 +0900
Subject: sprintf.c: `width` may have been `INT_MAX`.

Now `width` is limited to `INT16_MIN..INT16_MAX`.
---
 mrbgems/mruby-sprintf/src/sprintf.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'mrbgems/mruby-sprintf')

diff --git a/mrbgems/mruby-sprintf/src/sprintf.c b/mrbgems/mruby-sprintf/src/sprintf.c
index 095269be3..8de3a4541 100644
--- a/mrbgems/mruby-sprintf/src/sprintf.c
+++ b/mrbgems/mruby-sprintf/src/sprintf.c
@@ -692,6 +692,9 @@ retry:
         CHECK_FOR_WIDTH(flags);
         flags |= FWIDTH;
         GETASTER(width);
+        if (width > INT16_MAX || INT16_MIN > width) {
+          mrb_raise(mrb, E_ARGUMENT_ERROR, "width too big");
+        }
         if (width < 0) {
           flags |= FMINUS;
           width = -width;
@@ -1056,7 +1059,7 @@ retry:
             need = BIT_DIGITS(i);
         }
         if (need > MRB_INT_MAX - ((flags&FPREC) ? prec : 6)) {
-        too_big_width:
+        too_big_width_prec:
           mrb_raise(mrb, E_ARGUMENT_ERROR,
                     (width > prec ? "width too big" : "prec too big"));
         }
@@ -1064,7 +1067,7 @@ retry:
         if ((flags&FWIDTH) && need < width)
           need = width;
         if (need > MRB_INT_MAX - 20) {
-          goto too_big_width;
+          goto too_big_width_prec;
         }
         need += 20;
 
-- 
cgit v1.2.3