From bd66c5d716eed470957a90bd2851292165550ee1 Mon Sep 17 00:00:00 2001
From: "Yukihiro \"Matz\" Matsumoto" <matz@ruby-lang.org>
Date: Wed, 5 Jul 2017 09:19:06 +0900
Subject: Check stack size before accessing env stack; fix #3727

---
 src/vm.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/vm.c b/src/vm.c
index 4fca2b2ac..8a7627508 100644
--- a/src/vm.c
+++ b/src/vm.c
@@ -2156,7 +2156,8 @@ RETRY_TRY_BLOCK:
       else {
         struct REnv *e = uvenv(mrb, lv-1);
         if (!e || e->cioff == 0 ||
-            (!MRB_ENV_STACK_SHARED_P(e) && e->cxt.mid == 0)) {
+            (!MRB_ENV_STACK_SHARED_P(e) && e->cxt.mid == 0) ||
+            MRB_ENV_STACK_LEN(e) <= m1+r+m2+1) {
           localjump_error(mrb, LOCALJUMP_ERROR_YIELD);
           goto L_RAISE;
         }
-- 
cgit v1.2.3