From 7c1b3f8a862c860e4b1eb0755a05f37eb39afbef Mon Sep 17 00:00:00 2001
From: "Yukihiro \"Matz\" Matsumoto"
Date: Fri, 18 Apr 2014 00:56:50 +0900
Subject: mruby-string-utf8: String#reverse! may leak memory when mrb_str_modify() raises exception
---
 mrbgems/mruby-string-utf8/src/string.c | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/mrbgems/mruby-string-utf8/src/string.c b/mrbgems/mruby-string-utf8/src/string.c
index fec0752ba..240a77260 100644
--- a/mrbgems/mruby-string-utf8/src/string.c
+++ b/mrbgems/mruby-string-utf8/src/string.c
@@ -341,14 +341,17 @@ mrb_str_reverse_bang(mrb_state *mrb, mrb_value str)
 {
 mrb_int utf8_len = mrb_utf8_strlen(str, -1);
 if (utf8_len > 1) {
- mrb_int len = RSTRING_LEN(str);
- char *buf = (char *)mrb_malloc(mrb, (size_t)len);
- unsigned char* p = (unsigned char*)buf;
- unsigned char* e = (unsigned char*)buf + len;
- unsigned char* r;
+ mrb_int len;
+ char *buf;
+ unsigned char *p, *e, *r;
- memcpy(buf, RSTRING_PTR(str), len);
 mrb_str_modify(mrb, mrb_str_ptr(str));
+ len = RSTRING_LEN(str);
+ buf = (char *)mrb_malloc(mrb, (size_t)len);
+ p = (unsigned char*)buf;
+ e = (unsigned char*)buf + len;
+
+ memcpy(buf, RSTRING_PTR(str), len);
 r = (unsigned char*)RSTRING_PTR(str) + len;
 while (p