Merge pull request #3615 from clayton-shopify/fix-copy-class-null-pointer-deref

Check if sc->mt is initialized before copying it.
author: Yukihiro "Matz" Matsumoto <[email protected]> 2017-04-19 07:07:03 +0900
committer: GitHub <[email protected]> 2017-04-19 07:07:03 +0900
commit: fe3fe8fcccb3ceedc40bc5b7d6b2c00ff1ad6b98 (patch)
tree: 139500705897adc5198876edd7f9741825d6ea82
parent: 79e0314337f64bf48b280197f112070011a3619a (diff)
parent: de969942338ac440294eefb2e7846a6975f4efdd (diff)
download: mruby-fe3fe8fcccb3ceedc40bc5b7d6b2c00ff1ad6b98.tar.gz
mruby-fe3fe8fcccb3ceedc40bc5b7d6b2c00ff1ad6b98.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/src/kernel.c b/src/kernel.c
index ef5bc0839..ce304fd99 100644
--- a/src/kernel.c
+++ b/src/kernel.c
@@ -241,7 +241,12 @@ copy_class(mrb_state *mrb, mrb_value dst, mrb_value src)
     c1->super = mrb_class_ptr(mrb_obj_dup(mrb, mrb_obj_value(c0)));
     c1->super->flags |= MRB_FLAG_IS_ORIGIN;
   }
-  dc->mt = kh_copy(mt, mrb, sc->mt);
+  if (sc->mt) {
+    dc->mt = kh_copy(mt, mrb, sc->mt);
+  }
+  else {
+    dc->mt = kh_init(mt, mrb);
+  }
   dc->super = sc->super;
   MRB_SET_INSTANCE_TT(dc, MRB_INSTANCE_TT(sc));
 }
author	Yukihiro "Matz" Matsumoto <[email protected]>	2017-04-19 07:07:03 +0900
committer	GitHub <[email protected]>	2017-04-19 07:07:03 +0900
commit	fe3fe8fcccb3ceedc40bc5b7d6b2c00ff1ad6b98 (patch)
tree	139500705897adc5198876edd7f9741825d6ea82
parent	79e0314337f64bf48b280197f112070011a3619a (diff)
parent	de969942338ac440294eefb2e7846a6975f4efdd (diff)
download	mruby-fe3fe8fcccb3ceedc40bc5b7d6b2c00ff1ad6b98.tar.gz mruby-fe3fe8fcccb3ceedc40bc5b7d6b2c00ff1ad6b98.zip