diff --git a/ChangeLog b/ChangeLog
index b46690ffac86fc..116d4133181a83 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+Sun Jun 15 22:52:24 2008  Yukihiro Matsumoto  <matz@ruby-lang.org>
+
+	* string.c (rb_str_cat): fixed buffer overrun reported by
+	  Christopher Thompson <cthompson at nexopia.com> in [ruby-core:16746]
+
 Sun Jun 15 22:50:34 2008  Yukihiro Matsumoto  <matz@ruby-lang.org>
 
 	* eval.c (is_defined): add NODE_OP_ASGN_{OR,AND}.  "defined?(a||=1)"
diff --git a/string.c b/string.c
index f5de52c15207ab..5b1aefaac8602b 100644
--- a/string.c
+++ b/string.c
@@ -744,7 +744,7 @@ rb_str_cat(str, ptr, len)
     }
     if (FL_TEST(str, STR_ASSOC)) {
 	rb_str_modify(str);
-	REALLOC_N(RSTRING(str)->ptr, char, RSTRING(str)->len+len);
+	REALLOC_N(RSTRING(str)->ptr, char, RSTRING(str)->len+len+1);
 	memcpy(RSTRING(str)->ptr + RSTRING(str)->len, ptr, len);
 	RSTRING(str)->len += len;
 	RSTRING(str)->ptr[RSTRING(str)->len] = '\0'; /* sentinel */
diff --git a/version.h b/version.h
index 9cf7f01b618915..4af88b0dfab5de 100644
--- a/version.h
+++ b/version.h
@@ -2,7 +2,7 @@
 #define RUBY_RELEASE_DATE "2008-06-15"
 #define RUBY_VERSION_CODE 185
 #define RUBY_RELEASE_CODE 20080615
-#define RUBY_PATCHLEVEL 207
+#define RUBY_PATCHLEVEL 208
 
 #define RUBY_VERSION_MAJOR 1
 #define RUBY_VERSION_MINOR 8