From ddf6eb40c725434fec5341e73777a0d59e135287 Mon Sep 17 00:00:00 2001
From: nobu
Date: Wed, 10 Sep 2014 08:05:12 +0000
Subject: [PATCH] variable.c: check index overflow

* variable.c (rb_ivar_set), vm_insnhelper.c (vm_setivar): check instance variable index overflow.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@47512 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 variable.c | 1 +
 vm_insnhelper.c | 5 ++++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/variable.c b/variable.c
index 0f6fba032d..f2c582c915 100644
--- a/variable.c
+++ b/variable.c
@@ -1153,6 +1153,7 @@ rb_ivar_set(VALUE obj, ID id, VALUE val)
 ivar_extended = 0;
 if (!st_lookup(iv_index_tbl, (st_data_t)id, &index)) {
 index = iv_index_tbl->num_entries;
+ if (index >= INT_MAX) rb_raise(rb_eArgError, "too many instance variables");
 st_add_direct(iv_index_tbl, (st_data_t)id, index);
 ivar_extended = 1;
 }
diff --git a/vm_insnhelper.c b/vm_insnhelper.c
index c9ec803630..05ed3c62aa 100644
--- a/vm_insnhelper.c
+++ b/vm_insnhelper.c
@@ -570,8 +570,11 @@ vm_setivar(VALUE obj, ID id, VALUE val, IC ic, rb_call_info_t *ci, int is_attr)
 ic->ic_value.index = index;
 ic->ic_serial = RCLASS_SERIAL(klass);
 }
+ else if (index >= INT_MAX) {
+ rb_raise(rb_eArgError, "too many instance variables");
+ }
 else {
- ci->aux.index = index + 1;
+ ci->aux.index = (int)(index + 1);
 }
 }
 /* fall through */
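Review bot: The new `index >= INT_MAX` guard in rb_ivar_set does not say why INT_MAX is the ceiling for an index taken from `iv_index_tbl->num_entries`. Judging from the `(int)` cast added in the vm_insnhelper.c hunk, the limit appears to exist because `index + 1` is cached in an int-sized field. A comment above the check would record that, for example `/* index + 1 is cached in an int (ci->aux.index), so keep the table below INT_MAX entries */`. The same bound and message string are repeated in vm_setivar, so a shared macro or small helper would keep the two sites from drifting apart. rb_ivar_set starts and ends outside this hunk.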
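Review bot: Only the `is_attr` branch of vm_setivar is bounded; the `!is_attr` branch still assigns `ic->ic_value.index = index` with no range check, and the hunk does not show whether that field is as wide as `index`. If it is narrower, a truncated value would be cached as the slot index, so either apply the same bound there or, once the width is confirmed, note it beside the assignment, e.g. `/* ic_value.index holds the full st_data_t index; only ci->aux.index is an int */`. This branch also runs after a successful lookup, so raising here rejects a write to a variable that already exists. Leaving the cache unfilled, `else if (index < INT_MAX) { ci->aux.index = (int)(index + 1); }`, may be the gentler option if the fall-through path handles uncached writes. The enclosing function starts and ends outside the hunk.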