From 14264f5f622f7a2b7688edfdcfad0aa6d8db155d Mon Sep 17 00:00:00 2001
From: nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Mon, 15 Oct 2007 00:58:09 +0000
Subject: [PATCH] * marshal.c (r_bytes0): check if source has enough data.  
 [ruby-dev:32054]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@13700 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 ChangeLog                 |  5 +++++
 marshal.c                 |  2 +-
 test/ruby/test_marshal.rb | 20 ++++++++++++++++++++
 version.h                 |  6 +++---
 4 files changed, 29 insertions(+), 4 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index fd5d8cd8fa..ef63cb6d60 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+Mon Oct 15 09:58:07 2007  Nobuyoshi Nakada  <nobu@ruby-lang.org>
+
+	* marshal.c (r_bytes0): check if source has enough data.
+	  [ruby-dev:32054]
+
 Mon Oct 15 01:15:09 2007  Tanaka Akira  <akr@fsij.org>
 
 	* ext/socket/socket.c (s_accept_nonblock): make accepted fd
diff --git a/marshal.c b/marshal.c
index 626a2d0783..fc6bff31c9 100644
--- a/marshal.c
+++ b/marshal.c
@@ -929,7 +929,7 @@ r_bytes0(long len, struct load_arg *arg)
 
     if (len == 0) return rb_str_new(0, 0);
     if (TYPE(arg->src) == T_STRING) {
-	if (RSTRING_LEN(arg->src) > arg->offset) {
+	if (RSTRING_LEN(arg->src) > arg->offset + len) {
 	    str = rb_str_new(RSTRING_PTR(arg->src)+arg->offset, len);
 	    arg->offset += len;
 	}
diff --git a/test/ruby/test_marshal.rb b/test/ruby/test_marshal.rb
index d438ef4d85..049db1221e 100644
--- a/test/ruby/test_marshal.rb
+++ b/test/ruby/test_marshal.rb
@@ -52,4 +52,24 @@ class TestMarshal < Test::Unit::TestCase
       TestMarshal::StructInvalidMembers.members
     }
   end
+
+  class C
+    def initialize(str)
+      @str = str
+    end
+    def _dump(limit)
+      @str
+    end
+    def self._load(s)
+      new(s)
+    end
+  end
+
+  def test_too_long_string
+    (data = Marshal.dump(C.new("a")))[-2, 1] = "\003\377\377\377"
+    e = assert_raise(ArgumentError, "[ruby-dev:32054]") {
+      Marshal.load(data)
+    }
+    assert_equal("marshal data too short", e.message)
+  end
 end
diff --git a/version.h b/version.h
index e6a143fa4a..9a74fe8ffc 100644
--- a/version.h
+++ b/version.h
@@ -1,7 +1,7 @@
 #define RUBY_VERSION "1.9.0"
-#define RUBY_RELEASE_DATE "2007-10-14"
+#define RUBY_RELEASE_DATE "2007-10-15"
 #define RUBY_VERSION_CODE 190
-#define RUBY_RELEASE_CODE 20071014
+#define RUBY_RELEASE_CODE 20071015
 #define RUBY_PATCHLEVEL 0
 
 #define RUBY_VERSION_MAJOR 1
@@ -9,7 +9,7 @@
 #define RUBY_VERSION_TEENY 0
 #define RUBY_RELEASE_YEAR 2007
 #define RUBY_RELEASE_MONTH 10
-#define RUBY_RELEASE_DAY 14
+#define RUBY_RELEASE_DAY 15
 
 #ifdef RUBY_EXTERN
 RUBY_EXTERN const char ruby_version[];