diff --git a/ChangeLog b/ChangeLog index 15fa4caf45..7ee9e04af6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +Wed Dec 7 15:31:35 2005 Yukihiro Matsumoto + + * sprintf.c (rb_str_format): integer overflow check added. + + * sprintf.c (GETASTER): ditto. + Wed Dec 7 01:02:04 2005 Hidetoshi NAGAI * ext/tk/README.macosx-aqua: [new document] tips to avoid the known @@ -21,8 +27,8 @@ Wed Dec 7 01:02:04 2005 Hidetoshi NAGAI Tue Dec 6 16:48:40 2005 Yukihiro Matsumoto - * gc.c (ruby_xmalloc2): change check for integer overflow. - [ruby-dev:27399] + * gc.c (ruby_xmalloc2): change check condition for integer + overflow. [ruby-dev:27399] * gc.c (ruby_xrealloc2): ditto. diff --git a/sprintf.c b/sprintf.c index c4419259f3..07526756f2 100644 --- a/sprintf.c +++ b/sprintf.c @@ -116,6 +116,10 @@ sign_bits(int base, const char *p) t = p++; \ n = 0; \ for (; p < end && ISDIGIT(*p); p++) { \ + int times10 = n*10; \ + if (times10 / 10 != n) {\ + rb_raise(rb_eArgError, #val " too big"); \ + } \ n = 10 * n + (*p - '0'); \ } \ if (p >= end) { \ @@ -316,6 +320,10 @@ rb_str_format(int argc, const VALUE *argv, VALUE fmt) case '5': case '6': case '7': case '8': case '9': n = 0; for (; p < end && ISDIGIT(*p); p++) { + int times10 = n*10; + if (times10 / 10 != n) { + rb_raise(rb_eArgError, "width too big"); + } n = 10 * n + (*p - '0'); } if (p >= end) { @@ -337,7 +345,6 @@ rb_str_format(int argc, const VALUE *argv, VALUE fmt) if (flags & FWIDTH) { rb_raise(rb_eArgError, "width given twice"); } - flags |= FWIDTH; GETASTER(width); if (width < 0) {
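Review bot: The overflow check added to the digit loop in GETASTER, and repeated in the width loop of rb_str_format, tests `times10 / 10 != n` only after `n*10` has been computed; if `n` is a signed int, as `int times10` suggests, that multiplication is already undefined behaviour on overflow and an optimizing compiler may drop the test. The check also leaves the following `10 * n + (*p - '0')` uncovered, so an input where the multiplication fits but the added digit does not still wraps. Testing before the arithmetic closes both gaps: `if (n > (INT_MAX - (*p - '0')) / 10) rb_raise(rb_eArgError, "width too big");`, using `#val " too big"` as the message in the macro. Both loops sit inside definitions that begin and end outside their hunks, so the type of `n` should be confirmed against the full file.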