From 8aec568fc50c23f4062153fbc75b423ba22219e9 Mon Sep 17 00:00:00 2001
From: "Yukihiro \"Matz\" Matsumoto" <matz@ruby.or.jp>
Date: Sun, 3 Apr 2022 18:39:40 +0900
Subject: [PATCH] range.c: detect integer overflow.

---
 src/range.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/range.c b/src/range.c
index 7507173b66..34ae7e4510 100644
--- a/src/range.c
+++ b/src/range.c
@@ -362,9 +362,13 @@ range_num_to_a(mrb_state *mrb, mrb_value range)
       mrb_int len;
 
       if (mrb_int_sub_overflow(b, a, &len)) {
+      too_long:
         mrb_raise(mrb, E_RANGE_ERROR, "integer range too long");
       }
-      if (!RANGE_EXCL(r)) len++;
+      if (!RANGE_EXCL(r)) {
+        if (len == MRB_INT_MAX) goto too_long;
+        len++;
+      }
       ary = mrb_ary_new_capa(mrb, len);
       for (mrb_int i=0; i<len; i++) {
         mrb_ary_push(mrb, ary, mrb_int_value(mrb, a+i));