authornagachika <nagachika@ruby-lang.org>2026-05-28 22:37:07 +0900
committernagachika <nagachika@ruby-lang.org>2026-05-28 22:37:07 +0900
commit6de25456a2f245053a1cd0c1cac8699dcb261721 (patch)
treec03a491663738af392c56e1124036ab908f3af28
parent00e51cf79c1770dd4505658ce9affd69d5699fa9 (diff)
merge revision(s) 3f6d6c0373d2cb005f7cf164414cbb531f42d525:ruby_3_4
[PATCH] Marshal.load: Check bignum sign
-rw-r--r--marshal.c3
-rw-r--r--test/ruby/test_marshal.rb6
-rw-r--r--version.h2
3 files changed, 10 insertions, 1 deletions
diff --git a/marshal.c b/marshal.c
index 08bff9c8e5..79bd2baeaf 100644
--- a/marshal.c
+++ b/marshal.c
@@ -2033,6 +2033,9 @@ r_object_for(struct load_arg *arg, bool partial, int *ivp, VALUE extmod, int typ
int sign;
sign = r_byte(arg);
+ if (sign != '+' && sign != '-') {
+ rb_raise(rb_eArgError, "invalid Bignum sign");
+ }
len = r_keep_readable(arg, r_long(arg), 2);
if (SIZEOF_VALUE >= 8 && len <= 4) {
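Review bot: The message raised by the added check at `if (sign != '+' && sign != '-')` omits the byte that was actually read, which makes a corrupted or hostile stream harder to triage from an error log. Consider `rb_raise(rb_eArgError, "invalid Bignum sign: 0x%02x", sign);`. A one-line comment above the check, such as `/* sign byte is taken from the stream as-is; only '+' and '-' are accepted */`, would record why it exists. The surrounding code in r_object_for starts and ends outside this hunk, so how `sign` is consumed afterwards is not visible here.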
diff --git a/test/ruby/test_marshal.rb b/test/ruby/test_marshal.rb
index a02f15ad8d..0dda9d4294 100644
--- a/test/ruby/test_marshal.rb
+++ b/test/ruby/test_marshal.rb
@@ -941,6 +941,12 @@ class TestMarshal < Test::Unit::TestCase
end
end
+ def test_bignum_invalid_sign
+ assert_raise(ArgumentError) do
+ Marshal.load("\x04\bl?")
+ end
+ end
+
class TestMarshalFreezeProc < Test::Unit::TestCase
include MarshalTestLib
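Review bot: `test_bignum_invalid_sign` may pass even without the fix, because the payload `"\x04\bl?"` ends right after the sign byte. The length read that follows the sign in marshal.c would presumably reject the truncated input with an ArgumentError of its own. Pin the message so the test exercises the new check: `assert_raise_with_message(ArgumentError, /invalid Bignum sign/) do`. Appending a well-formed length and digit bytes after the `?` would also leave the sign byte as the only invalid part of the stream.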
diff --git a/version.h b/version.h
index 5bc2abfb00..a9033efa6b 100644
--- a/version.h
+++ b/version.h
@@ -11,7 +11,7 @@
# define RUBY_VERSION_MINOR RUBY_API_VERSION_MINOR
#define RUBY_VERSION_TEENY 9
#define RUBY_RELEASE_DATE RUBY_RELEASE_YEAR_STR"-"RUBY_RELEASE_MONTH_STR"-"RUBY_RELEASE_DAY_STR
-#define RUBY_PATCHLEVEL 93
+#define RUBY_PATCHLEVEL 94
#include "ruby/version.h"
#include "ruby/internal/abi.h"