--- array.c.old 2008-07-21 12:41:28.000000000 -0700
+++ array.c 2008-07-21 12:50:34.000000000 -0700
@@ -20,6 +20,7 @@
static ID id_cmp;
#define ARY_DEFAULT_SIZE 16
+#define ARY_MAX_SIZE (LONG_MAX / sizeof(VALUE))
void
rb_mem_clear(mem, size)
@@ -2265,10 +2266,10 @@
break;
}
rb_ary_modify(ary);
- end = beg + len;
- if (end < 0) {
+ if (beg >= ARY_MAX_SIZE || len > ARY_MAX_SIZE - beg) {
rb_raise(rb_eArgError, "argument too big");
}
+ end = beg + len;
if (end > RARRAY(ary)->len) {
if (end >= RARRAY(ary)->aux.capa) {
REALLOC_N(RARRAY(ary)->ptr, VALUE, end);