From 695f29cd604787f43be1af16e38d13610bf8312b Mon Sep 17 00:00:00 2001
From: "Yukihiro \"Matz\" Matsumoto"
Date: Wed, 27 Jun 2018 16:32:24 +0900
Subject: Add negative check in `mrb_str_resize`; fix #4062
---
 src/string.c | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'src/string.c')
diff --git a/src/string.c b/src/string.c
index 5cca6d460..fd09e05dc 100644
--- a/src/string.c
+++ b/src/string.c
@@ -708,6 +708,9 @@ mrb_str_resize(mrb_state *mrb, mrb_value str, mrb_int len)
 mrb_int slen;
 struct RString *s = mrb_str_ptr(str);
+ if (len < 0) {
+ mrb_raisef(mrb, E_ARGUMENT_ERROR, "negative (or overflowed) string size");
+ }
 mrb_str_modify(mrb, s);
 slen = RSTR_LEN(s);
 if (len != slen) {
--
cgit v1.2.3
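Review bot: The new `len < 0` guard at the top of mrb_str_resize detects an overflowed length only after the caller's arithmetic has already wrapped to a negative value. Signed overflow on `mrb_int` is undefined behaviour in C, and a size computation that wraps back to a positive value (a product, for instance) would pass this check and reach the resize path below it. The callers are outside this hunk, so this is inferred, but any caller that derives `len` from script-controlled sizes should check for overflow before the arithmetic rather than rely on this guard. I would document that limit above the check with `/* last-resort guard: only catches lengths that are already negative; callers must overflow-check their own size arithmetic */`. The diffstat shows only src/string.c changing, so a regression test for #4062 is worth adding; the body of mrb_str_resize continues past the end of the hunk.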