Skip to content

M
mruby
Commit f1985304 authored by Yukihiro "Matz" Matsumoto's avatar Yukihiro "Matz" Matsumoto
Browse files
Options

Fixed too much value_copy() when block is not given; fix #3440 

The issue was reported by https://hackerone.com/titanous
parent b2387477
Hide whitespace changes
Inline Side-by-side
Showing with 12 additions and 4 deletions
src/vm.c
View file @ f1985304
......@@ -1151,12 +1151,14 @@ RETRY_TRY_BLOCK:
}
if (GET_OPCODE(i) != OP_SENDB) {
SET_NIL_VALUE(regs[bidx]);
bidx = 0;
}
else {
mrb_value blk = regs[bidx];
if (!mrb_nil_p(blk) && mrb_type(blk) != MRB_TT_PROC) {
regs[bidx] = mrb_convert_type(mrb, blk, MRB_TT_PROC, "Proc", "to_proc");
}
bidx = 1;
}
c = mrb_class(mrb, recv);
m = mrb_method_search_vm(mrb, &c, mid);
......@@ -1177,15 +1179,17 @@ RETRY_TRY_BLOCK:
mrb_method_missing(mrb, mid, recv, args);
}
mid = missing;
if (n == CALL_MAXARGS-1) {
regs[a+1] = mrb_ary_new_from_values(mrb, n, regs+a+1);
n++;
}
if (n == CALL_MAXARGS) {
mrb_ary_unshift(mrb, regs[a+1], sym);
}
else {
value_move(regs+a+2, regs+a+1, ++n);
value_move(regs+a+2, regs+a+1, n+bidx);
regs[a+1] = sym;
if (n == CALL_MAXARGS) {
regs[a+1] = mrb_ary_new_from_values(mrb, n, regs+a+1);
}
n++;
}
}
......@@ -1355,6 +1359,10 @@ RETRY_TRY_BLOCK:
mrb_method_missing(mrb, mid, recv, args);
}
mid = missing;
if (n == CALL_MAXARGS-1) {
regs[a+1] = mrb_ary_new_from_values(mrb, n, regs+a+1);
n++;
}
if (n == CALL_MAXARGS) {
mrb_ary_unshift(mrb, regs[a+1], mrb_symbol_value(ci->mid));
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment