Null pointer dereference in ary_concat

[clayton-shopify]

The following input demonstrates a crash:

N *case
when nil
->()do end
def e()end
end#

ASAN report:

==56546==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000018 (pc 0x0001083ee4ab bp 0x7fff5780e4f0 sp 0x7fff5780e410 T0)
==56546==The signal is caused by a READ memory access.
==56546==Hint: address points to the zero page.
    #0 0x1083ee4aa in ary_concat array.c:265
    #1 0x1083ee364 in mrb_ary_concat array.c:284
    #2 0x108572ebc in mrb_vm_exec vm.c:2304
    #3 0x10854cf49 in mrb_vm_run vm.c:824
    #4 0x10857f859 in mrb_top_run vm.c:2630
    #5 0x108650845 in mrb_load_exec parse.y:5762
    #6 0x108651655 in mrb_load_file_cxt parse.y:5771
    #7 0x1083e9e76 in main mruby.c:227
    #8 0x7fffbbbba234 in start (libdyld.dylib:x86_64+0x5234)

==56546==Register values:
rax = 0x000000007ffffffe  rbx = 0x00007fff5780e560  rcx = 0x0000000000000018  rdx = 0x0000000000000018
rdi = 0x0000100000000000  rsi = 0x0000100000000003  rbp = 0x00007fff5780e4f0  rsp = 0x00007fff5780e410
 r8 = 0x0000100000000000   r9 = 0x0000100000000000  r10 = 0x0000000109569a48  r11 = 0x6d75ac53ed8a002a
r12 = 0xf2f20000f1f1f1f1  r13 = 0x00001fffeaf02a84  r14 = 0xf2f20000f2f2f2f2  r15 = 0xf2f2f2f2f2040000
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV array.c:265 in ary_concat
==56546==ABORTING
Abort trap: 6

This issue was reported by https://hackerone.com/mg36