From 8fae8e4f1e490888e2cc9b2ea6b8e0d0ff9dd60f Mon Sep 17 00:00:00 2001
From: Bob Nystrom <robert@stuffwithstuff.com>
Date: Fri, 27 Apr 2018 09:13:40 -0700
Subject: [PATCH] Don't overflow signature string if there are too many
 parameters.

Fix #494.
---
 src/vm/wren_compiler.c   | 6 +++++-
 test/regression/494.wren | 3 +++
 2 files changed, 8 insertions(+), 1 deletion(-)
 create mode 100644 test/regression/494.wren

diff --git a/src/vm/wren_compiler.c b/src/vm/wren_compiler.c
index 582548da..d90273bf 100644
--- a/src/vm/wren_compiler.c
+++ b/src/vm/wren_compiler.c
@@ -1704,7 +1704,11 @@ static void signatureParameterList(char name[MAX_METHOD_SIGNATURE], int* length,
                                    int numParams, char leftBracket, char rightBracket)
 {
   name[(*length)++] = leftBracket;
-  for (int i = 0; i < numParams; i++)
+
+  // This function may be called with too many parameters. When that happens,
+  // a compile error has already been reported, but we need to make sure we
+  // don't overflow the string too, hence the MAX_PARAMETERS check.
+  for (int i = 0; i < numParams && i < MAX_PARAMETERS; i++)
   {
     if (i > 0) name[(*length)++] = ',';
     name[(*length)++] = '_';
diff --git a/test/regression/494.wren b/test/regression/494.wren
new file mode 100644
index 00000000..eea92e40
--- /dev/null
+++ b/test/regression/494.wren
@@ -0,0 +1,3 @@
+0[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+// expect error line 1
+// expect error line 4