src/vm.c · 42d23084b72541b74e9f4cc279afc5f89f89d4e1 · Libraries / mruby

fix pointer dereference after realloc · 42d23084

Go Saito authored Feb 23, 2015

In src/vm.c: mrb_funcall_with_block
stack_extend may realloc mrb->c->stbase, if argv points on mruby's stack,
then it points invalid address after stack_extend.

e.g. src/class.c: mrb_instance_new

This code:

```ruby
class A
  def initialize(a0,a1,a2,a3,a4)
    a0.is_a? Array
  end
end

def f(a0,a1,a2,a3,a4)
  A.new(a0,a1,a2,a3,a4)
  f(a0,a1,a2,a3,a4)
end

f(0,1,2,3,4)
```

is expected to get exception
```
stack level too deep. (limit=(0x40000 - 128)) (SystemStackError)
```

but get segfault.
Signed-off-by: Go Saito <gos@iij.ad.jp>

42d23084

vm.c 60.4 KB

Replace vm.c