From 0048dd118a0d57ff87265593819f9e93e05fafed Mon Sep 17 00:00:00 2001
From: "Yukihiro \"Matz\" Matsumoto" <matz@ruby-lang.org>
Date: Mon, 10 Apr 2017 21:12:41 +0900
Subject: [PATCH] Protect arguments from GC; fix #3597

GC may be called with OP_ENTER (especially when GC_STRESS is set).
---
 src/gc.c | 8 +++++++-
 src/vm.c | 2 +-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/gc.c b/src/gc.c
index 19bc1ad4b2..db70587d5b 100644
--- a/src/gc.c
+++ b/src/gc.c
@@ -545,10 +545,16 @@ mark_context_stack(mrb_state *mrb, struct mrb_context *c)
   size_t i;
   size_t e;
   mrb_value nil;
+  int nregs;
 
   if (c->stack == NULL) return;
   e = c->stack - c->stbase;
-  if (c->ci) e += c->ci->nregs;
+  if (c->ci) {
+    nregs = c->ci->argc + 2;
+    if (c->ci->nregs > nregs)
+      nregs = c->ci->nregs;
+    e += nregs;
+  }
   if (c->stbase + e > c->stend) e = c->stend - c->stbase;
   for (i=0; i<e; i++) {
     mrb_value v = c->stbase[i];
diff --git a/src/vm.c b/src/vm.c
index 1b967ef7ed..0a99e5f412 100644
--- a/src/vm.c
+++ b/src/vm.c
@@ -1589,7 +1589,6 @@ mrb_vm_exec(mrb_state *mrb, struct RProc *proc, mrb_code *pc)
         argc = mrb_ary_ptr(argv[0])->len;
         argv = mrb_ary_ptr(argv[0])->ptr;
       }
-      mrb->c->ci->argc = len;
       if (argc < len) {
         int mlen = m2;
         if (argc < m1+m2) {
@@ -1639,6 +1638,7 @@ mrb_vm_exec(mrb_state *mrb, struct RProc *proc, mrb_code *pc)
         }
         pc += o + 1;
       }
+      mrb->c->ci->argc = len;
       /* clear local (but non-argument) variables */
       if (irep->nlocals-len-2 > 0) {
         stack_clear(&regs[len+2], irep->nlocals-len-2);