From 59f9cc3fff654668d843f8be9b104d35697a17ab Mon Sep 17 00:00:00 2001
From: Oldes <oldes.huhuman@gmail.com>
Date: Wed, 13 Jun 2018 16:33:39 +0200
Subject: [PATCH] ATRONIX: Check integer overflow before arithmetic operation

Because overflowing is undefined.
---
 src/core/t-string.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/core/t-string.c b/src/core/t-string.c
index d5cbf4d3cb..8358c86f80 100644
--- a/src/core/t-string.c
+++ b/src/core/t-string.c
@@ -30,6 +30,7 @@
 #include "sys-core.h"
 #include "sys-scan.h"
 #include "sys-deci-funcs.h"
+#include "sys-int-funcs.h"
 
 /***********************************************************************
 **
@@ -541,9 +542,10 @@ static REBSER *make_binary(REBVAL *arg, REBOOL make)
 	case A_PICK:
 	case A_POKE:
 		len = Get_Num_Arg(arg); // Position
-		index += len - 1;
 		//if (len > 0) index--;
-		if (index < 0 || index >= tail) {
+		if (REB_I32_SUB_OF(len, 1, &len)
+			|| REB_I32_ADD_OF(index, len, &index)
+			|| index < 0 || index >= tail) {
 			if (action == A_PICK) goto is_none;
 			Trap_Range(arg);
 		}