`ecall()` should preserve stack address referenced from ci[1].

OP_RETURN accesses ci[1]->stackent that might be broken; fix #3442

1 files changed, 3 insertions, 0 deletions

diff --git a/src/vm.c b/src/vm.c
index e734775e2..276e2ab6d 100644
--- a/src/vm.c
+++ b/src/vm.c
@@ -281,6 +281,7 @@ ecall(mrb_state *mrb, int i)
   mrb_value *self = mrb->c->stack;
   struct RObject *exc;
   int cioff;
+  mrb_value *nstk;
 
   if (i<0) return;
   p = mrb->c->ensure[i];
@@ -289,6 +290,7 @@ ecall(mrb_state *mrb, int i)
     mrb->c->ci->eidx = i;
   cioff = mrb->c->ci - mrb->c->cibase;
   ci = cipush(mrb);
+  nstk = ci->stackent;
   ci->stackent = mrb->c->stack;
   ci->mid = ci[-1].mid;
   ci->acc = CI_ACC_SKIP;
@@ -300,6 +302,7 @@ ecall(mrb_state *mrb, int i)
   exc = mrb->exc; mrb->exc = 0;
   mrb_run(mrb, p, *self);
   mrb->c->ensure[i] = NULL;
+  ci->stackent = nstk;
   mrb->c->ci = mrb->c->cibase + cioff;
   if (!mrb->exc) mrb->exc = exc;
 }