From 042f98830f97ada46e18a6fecd78b7cbe7a134db Mon Sep 17 00:00:00 2001
From: knu <knu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Tue, 13 Feb 2007 06:06:30 +0000
Subject: [PATCH] * io.c (rb_f_syscall): Fix buffer overflow with syscall  
 arguments.  [ruby-bugs:PR#8541]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@11709 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 ChangeLog | 5 +++++
 io.c      | 2 ++
 2 files changed, 7 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 3ce0ff2997..6a911e8aee 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+Tue Feb 13 02:21:12 2007  Sam Roberts  <sroberts@uniserve.com>
+
+	* io.c (rb_f_syscall): Fix buffer overflow with syscall
+	  arguments.  [ruby-bugs:PR#8541]
+
 Mon Feb 12 13:57:30 2007  Masaki Suketa  <masaki.suketa@nifty.ne.jp>
 
 	* ext/win32ole/win32ole.c (ole_variant2val): support VT_I8, VT_UI8.
diff --git a/io.c b/io.c
index d4885080d1..57db4a4d05 100644
--- a/io.c
+++ b/io.c
@@ -4980,6 +4980,8 @@ rb_f_syscall(int argc, VALUE *argv)
     rb_secure(2);
     if (argc == 0)
 	rb_raise(rb_eArgError, "too few arguments for syscall");
+    if (argc > sizeof(arg) / sizeof(arg[0]))
+	rb_raise(rb_eArgError, "too many arguments for syscall");
     arg[0] = NUM2LONG(argv[0]); argv++;
     while (items--) {
 	VALUE v = rb_check_string_type(*argv);