From 964427f82c5a8556daf4448b47cc65fb6d2a94b8 Mon Sep 17 00:00:00 2001
From: Francis Bogsanyi <francis.bogsanyi@shopify.com>
Date: Thu, 17 Nov 2016 12:59:27 -0500
Subject: Fix unsafe peephole optimization

Reported by https://hackerone.com/dkasak
---
 mrbgems/mruby-compiler/core/codegen.c |  6 ++++--
 test/t/codegen.rb                     | 11 +++++++++++
 2 files changed, 15 insertions(+), 2 deletions(-)
 create mode 100644 test/t/codegen.rb

diff --git a/mrbgems/mruby-compiler/core/codegen.c b/mrbgems/mruby-compiler/core/codegen.c
index 0c84dd558..39d62348a 100644
--- a/mrbgems/mruby-compiler/core/codegen.c
+++ b/mrbgems/mruby-compiler/core/codegen.c
@@ -1798,8 +1798,10 @@ codegen(codegen_scope *s, node *tree, int val)
         int pos;
 
         pop();
-        if (val && vsp >= 0) {
-          genop(s, MKOP_AB(OP_MOVE, vsp, cursp()));
+        if (val) {
+          if (vsp >= 0) {
+            genop(s, MKOP_AB(OP_MOVE, vsp, cursp()));
+          }
           pos = genop(s, MKOP_AsBx(name[0]=='|'?OP_JMPIF:OP_JMPNOT, cursp(), 0));
         }
         else {
diff --git a/test/t/codegen.rb b/test/t/codegen.rb
new file mode 100644
index 000000000..f910d37fb
--- /dev/null
+++ b/test/t/codegen.rb
@@ -0,0 +1,11 @@
+##
+# Codegen tests
+
+assert('peephole optimization does not eliminate move whose result is reused') do
+  assert_raise LocalJumpError do
+    def method
+      yield
+    end
+    method(&a &&= 0)
+  end
+end
-- 
cgit v1.2.3