From d37da601289d13396b1e986b81d51b05bcfdddd5 Mon Sep 17 00:00:00 2001
From: Yusuke Endoh <mame@ruby-lang.org>
Date: Mon, 15 Jul 2019 06:42:55 +0900
Subject: [PATCH] time.c (time_mdump): use another buffer for year_extend

ruby_marshal_write_long may write 9 bytes, but buf has only 8 bytes.
So the buffer cannot be reused.  This issue was found by Coverity Scan.
---
 time.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/time.c b/time.c
index 8d1bfd3452..fe1ef78756 100644
--- a/time.c
+++ b/time.c
@@ -5090,15 +5090,15 @@ time_mdump(VALUE time)
          * binary (like as Fixnum and Bignum).
          */
         size_t ysize = rb_absint_size(year_extend, NULL);
-        char *p;
+        char *p, buf_year_extend[9];
         if (ysize > LONG_MAX ||
-            (i = ruby_marshal_write_long((long)ysize, buf)) < 0) {
+            (i = ruby_marshal_write_long((long)ysize, buf_year_extend)) < 0) {
             rb_raise(rb_eArgError, "year too %s to marshal: %"PRIsVALUE" UTC",
                      (year == 1900 ? "small" : "big"), vtm.year);
         }
         rb_str_resize(str, sizeof(buf) + i + ysize);
         p = RSTRING_PTR(str) + sizeof(buf);
-        memcpy(p, buf, i);
+        memcpy(p, buf_year_extend, i);
         p += i;
         rb_integer_pack(year_extend, p, ysize, 1, 0, INTEGER_PACK_LITTLE_ENDIAN);
     }