Skip to content

Commit

Permalink
Fix stack move segfaulting in OP_ARYCAT
Browse files Browse the repository at this point in the history
Reported by https://hackerone.com/haquaman

Testcase (couldn't get it to work as a test):

def nil.b
  b *nil
end
nil.b
  • Loading branch information
bouk committed Dec 1, 2016
1 parent 2cca9d3 commit 7d07466
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions src/vm.c
Original file line number Diff line number Diff line change
Expand Up @@ -2134,8 +2134,8 @@ mrb_vm_exec(mrb_state *mrb, struct RProc *proc, mrb_code *pc)

CASE(OP_ARYCAT) {
/* A B mrb_ary_concat(R(A),R(B)) */
mrb_ary_concat(mrb, regs[GETARG_A(i)],
mrb_ary_splat(mrb, regs[GETARG_B(i)]));
mrb_value splat = mrb_ary_splat(mrb, regs[GETARG_B(i)]);
mrb_ary_concat(mrb, regs[GETARG_A(i)], splat);
ARENA_RESTORE(mrb, ai);
NEXT;
}
Expand Down

0 comments on commit 7d07466

Please sign in to comment.