From 022570ab8d3de0dd8e0acfb1d927a5e3547ea34e Mon Sep 17 00:00:00 2001
From: "Yukihiro \"Matz\" Matsumoto"
Date: Tue, 31 Oct 2017 08:58:17 +0900
Subject: Call stack may not reference the destination `proc`; fix #3838

The destination `proc` may be an orphan.
---
 src/vm.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/vm.c b/src/vm.c
index a400190cc..bb884f4a0 100644
--- a/src/vm.c
+++ b/src/vm.c
@@ -1916,6 +1916,7 @@ RETRY_TRY_BLOCK:
 case OP_R_RETURN:
 /* Fall through to OP_R_NORMAL otherwise */
 if (ci->acc >=0 && MRB_PROC_ENV_P(proc) && !MRB_PROC_STRICT_P(proc)) {
+ mrb_callinfo *cibase = mrb->c->cibase;
 dst = top_proc(mrb, proc);
 if (MRB_PROC_ENV_P(dst)) {
@@ -1926,14 +1927,14 @@ RETRY_TRY_BLOCK:
 goto L_RAISE;
 }
 }
- while (ci->proc != dst) {
+ while (cibase <= ci && ci->proc != dst) {
 if (ci->acc < 0) {
 localjump_error(mrb, LOCALJUMP_ERROR_RETURN);
 goto L_RAISE;
 }
 ci--;
 }
- if (ci == mrb->c->cibase) {
+ if (ci <= cibase) {
 localjump_error(mrb, LOCALJUMP_ERROR_RETURN);
 goto L_RAISE;
 }
-- 
cgit v1.2.3
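Review bot: The new guard `while (cibase <= ci && ci->proc != dst) {` in the second hunk still lets `ci--` step to `cibase - 1` before the loop stops. If `cibase` (the local added in the first hunk) points at the first element of the callinfo array, which these hunks do not show, then forming and comparing that pointer is undefined behaviour in C. The check after the loop raises the same LocalJumpError for every `ci <= cibase`, so `while (cibase < ci && ci->proc != dst) {` appears to give the same outcome while keeping `ci` inside the array and not reading `cibase->acc`. A short comment above the loop, such as `/* dst may be an orphan proc that no frame on this call stack references */`, would record why the bound exists. The enclosing `case OP_R_RETURN:` block starts and ends outside both hunks, so whether `L_RAISE` uses the decremented `ci` cannot be confirmed from here.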