From ced2d699b05ae5557f075ab6c0fa8111a7526b6e Mon Sep 17 00:00:00 2001
From: nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Mon, 24 Jan 2011 23:28:22 +0000
Subject: [PATCH] * string.c (rb_str_resize): get rid of out-of-bound access.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@30652 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 ChangeLog | 4 ++++
 string.c  | 3 ++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index c1bdcc4bdf..083254769b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+Tue Jan 25 08:28:19 2011  Nobuyoshi Nakada  <nobu@ruby-lang.org>
+
+	* string.c (rb_str_resize): get rid of out-of-bound access.
+
 Tue Jan 25 07:48:22 2011  Kazuhiro NISHIYAMA  <zn@mbf.nifty.com>
 
 	* test/ruby/test_thread.rb: remove unused variables.
diff --git a/string.c b/string.c
index 9e9d911156..e5e24acb72 100644
--- a/string.c
+++ b/string.c
@@ -1748,7 +1748,8 @@ rb_str_resize(VALUE str, long len)
 	else if (len <= RSTRING_EMBED_LEN_MAX) {
 	    char *ptr = RSTRING(str)->as.heap.ptr;
 	    STR_SET_EMBED(str);
-	    if (slen > 0) MEMCPY(RSTRING(str)->as.ary, ptr, char, len);
+	    if (slen > len) slen = len;
+	    if (slen > 0) MEMCPY(RSTRING(str)->as.ary, ptr, char, slen);
 	    RSTRING(str)->as.ary[len] = '\0';
 	    STR_SET_EMBED_LEN(str, len);
 	    if (independent) xfree(ptr);