Invalid read in mrb_class

[clayton-shopify]

The following input demonstrates a crash:

ObjectSpace.count_objects.reject!{0}-ObjectSpace.each_object{|z:0|}

ASAN report:

AddressSanitizer:DEADLYSIGNAL
=================================================================
==88994==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x00010be3ffbf bp 0x7ffee3e2ad70 sp 0x7ffee3e2ac00 T0)
==88994==The signal is caused by a READ memory access.
==88994==Hint: address points to the zero page.
    #0 0x10be3ffbe in mrb_class (mruby:x86_64+0x100088fbe)
    #1 0x10be3c056 in mrb_funcall_with_block (mruby:x86_64+0x100085056)
    #2 0x10be3ac95 in mrb_funcall_argv (mruby:x86_64+0x100083c95)
    #3 0x10be3a6bf in mrb_funcall (mruby:x86_64+0x1000836bf)
    #4 0x10beb6dec in mrb_obj_as_string (mruby:x86_64+0x1000ffdec)
    #5 0x10bf305f7 in mrb_vformat (mruby:x86_64+0x1001795f7)
    #6 0x10bf31d47 in mrb_format (mruby:x86_64+0x10017ad47)
    #7 0x10be68dff in mrb_vm_exec (mruby:x86_64+0x1000b1dff)
    #8 0x10be49f49 in mrb_vm_run (mruby:x86_64+0x100092f49)
    #9 0x10be4103b in mrb_run (mruby:x86_64+0x10008a03b)
    #10 0x10be47324 in mrb_yield_with_class (mruby:x86_64+0x100090324)
    #11 0x10be482c2 in mrb_yield (mruby:x86_64+0x1000912c2)
    #12 0x10c06c6cb in os_each_object_cb (mruby:x86_64+0x1002b56cb)
    #13 0x10bf92f2d in gc_each_objects (mruby:x86_64+0x1001dbf2d)
    #14 0x10bf92c2b in mrb_objspace_each_objects (mruby:x86_64+0x1001dbc2b)
    #15 0x10c06b52b in os_each_object (mruby:x86_64+0x1002b452b)
    #16 0x10be5b520 in mrb_vm_exec (mruby:x86_64+0x1000a4520)
    #17 0x10be49f49 in mrb_vm_run (mruby:x86_64+0x100092f49)
    #18 0x10bea7a4f in mrb_top_run (mruby:x86_64+0x1000f0a4f)
    #19 0x10c0f0f61 in mrb_load_exec (mruby:x86_64+0x100339f61)
    #20 0x10c0f1af9 in mrb_load_file_cxt (mruby:x86_64+0x10033aaf9)
    #21 0x10bdb9e16 in main (mruby:x86_64+0x100002e16)
    #22 0x7fff62a57ed8 in start (libdyld.dylib:x86_64+0x16ed8)

==88994==Register values:
rax = 0x0000100000000000  rbx = 0x00007ffee3e2ac40  rcx = 0x00007ffee3e2ac20  rdx = 0xbebebebebebebec6
rdi = 0x00007ffee3e2ac28  rsi = 0x17d7d7d7d7d7d7d8  rbp = 0x00007ffee3e2ad70  rsp = 0x00007ffee3e2ac00
 r8 = 0x00001fffdc7c5585   r9 = 0x53f21d1030e10000  r10 = 0x000061b000000080  r11 = 0x00001c3600000010
r12 = 0xf2f2f2f2f2f2f2f8  r13 = 0xf8f8f8f8f8f8f8f8  r14 = 0x00001fffdc7c56ec  r15 = 0xf2f8f2f2f8f8f2f2
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (mruby:x86_64+0x100088fbe) in mrb_class
==88994==ABORTING
Abort trap: 6

This issue was reported by Dinko Galetic & Denis Kasak (https://hackerone.com/dgaletic).