From c626b823cabf8ee7acbdf57e44597de3974c5f17 Mon Sep 17 00:00:00 2001
From: ksss <co000ri@gmail.com>
Date: Fri, 23 Dec 2016 23:30:35 +0900
Subject: Check overflow string length

Fix #3360
---
 src/string.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'src/string.c')

diff --git a/src/string.c b/src/string.c
index ce27cdaa1..2d5006612 100644
--- a/src/string.c
+++ b/src/string.c
@@ -756,6 +756,9 @@ mrb_str_concat(mrb_state *mrb, mrb_value self, mrb_value other)
   s2 = mrb_str_ptr(other);
   len = RSTR_LEN(s1) + RSTR_LEN(s2);
 
+  if (len < 0 || len >= MRB_INT_MAX) {
+    mrb_raise(mrb, E_ARGUMENT_ERROR, "string size too big");
+  }
   if (RSTRING_CAPA(self) < len) {
     resize_capa(mrb, s1, len);
   }
-- 
cgit v1.2.3