From 73e4f069becaf69707b990d658b34155f8973508 Mon Sep 17 00:00:00 2001
From: Bouke van der Bijl
Date: Fri, 18 Nov 2016 16:17:40 -0500
Subject: Fix nested empty heredoc causing segfault
As reported by https://hackerone.com/jpenalbae
---
 mrbgems/mruby-compiler/core/codegen.c | 6 +++++-
 mrbgems/mruby-compiler/core/parse.y | 2 +-
 test/t/codegen.rb | 10 ++++++++++
 3 files changed, 16 insertions(+), 2 deletions(-)
 create mode 100644 test/t/codegen.rb
diff --git a/mrbgems/mruby-compiler/core/codegen.c b/mrbgems/mruby-compiler/core/codegen.c
index 0c84dd558..13091a6f5 100644
--- a/mrbgems/mruby-compiler/core/codegen.c
+++ b/mrbgems/mruby-compiler/core/codegen.c
@@ -2285,7 +2285,11 @@ codegen(codegen_scope *s, node *tree, int val)
 if (val) {
 node *n = tree;
- if (!n) break;
+ if (!n) {
+ genop(s, MKOP_A(OP_LOADNIL, cursp()));
+ push();
+ break;
+ }
 codegen(s, n->car, VAL);
 n = n->cdr;
 while (n) {
diff --git a/mrbgems/mruby-compiler/core/parse.y b/mrbgems/mruby-compiler/core/parse.y
index 0ff7d819c..c44669f45 100644
--- a/mrbgems/mruby-compiler/core/parse.y
+++ b/mrbgems/mruby-compiler/core/parse.y
@@ -6541,7 +6541,7 @@ mrb_parser_dump(mrb_state *mrb, node *tree, int offset)
 case NODE_HEREDOC:
 printf("NODE_HEREDOC (<<%s):\n", ((parser_heredoc_info*)tree)->term);
- mrb_parser_dump(mrb, ((parser_heredoc_info*)tree)->doc, offset+1);
+ dump_recur(mrb, ((parser_heredoc_info*)tree)->doc, offset+1);
 break;
 default:
diff --git a/test/t/codegen.rb b/test/t/codegen.rb
new file mode 100644
index 000000000..2f44ca247
--- /dev/null
+++ b/test/t/codegen.rb
@@ -0,0 +1,10 @@
+##
+# Codegen tests
+
+assert('nested empty heredoc') do
+ _, a = nil, <
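Review bot: The new `if (!n)` branch in the `val` path loads nil for an empty node list, and nothing in the hunk records why a value has to be pushed at all; the old bare `break` left a value-requesting caller with nothing pushed, which is presumably the crash named in the subject line. A comment such as `/* empty list: still push one value so a VAL caller finds its result register */` above the `genop(...)` call would keep the guard from being simplified back to a bare `break`. Separately, the non-empty path builds its result from `codegen(s, n->car, VAL)`, presumably a string, so an empty heredoc now appears to evaluate to nil rather than an empty string; if that is not intended the branch should load an empty string instead, and the new test should pin whichever result is chosen. The enclosing case of codegen() starts and ends outside the hunk.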
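Review bot: Nothing at the `NODE_HEREDOC` case explains why `doc` must go through `dump_recur` rather than `mrb_parser_dump`; the two calls take the same arguments, so the old one is easy to reintroduce. Presumably `doc` is a list of nodes rather than a single node, in which case a comment like `/* doc is a node list, not a single node */` above the call would record that. `dump_recur` is defined outside the hunk, so it should be confirmed there that it accepts a NULL `doc`, which the empty-heredoc case in the subject line suggests can occur. mrb_parser_dump's body starts and ends outside the hunk.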