From d3a02a297f5a2a7a7f5951168bd837e3733a3071 Mon Sep 17 00:00:00 2001
From: "Yukihiro \"Matz\" Matsumoto" <matz@ruby.or.jp>
Date: Wed, 22 Apr 2020 16:48:33 +0900
Subject: Fix `instance_exec` and `class_exec` to avoid crash on indirect
 calls.

Thank you @shuujii to additional report on #4973
---
 mrbgems/mruby-class-ext/src/class.c   |  7 ++++++-
 mrbgems/mruby-object-ext/src/object.c | 15 +++------------
 2 files changed, 9 insertions(+), 13 deletions(-)

diff --git a/mrbgems/mruby-class-ext/src/class.c b/mrbgems/mruby-class-ext/src/class.c
index 02ebf80cc..b7b5e18f8 100644
--- a/mrbgems/mruby-class-ext/src/class.c
+++ b/mrbgems/mruby-class-ext/src/class.c
@@ -43,10 +43,15 @@ mrb_mod_module_exec(mrb_state *mrb, mrb_value self)
   const mrb_value *argv;
   mrb_int argc;
   mrb_value blk;
+  struct RClass *c;
 
   mrb_get_args(mrb, "*&!", &argv, &argc, &blk);
 
-  mrb->c->ci->target_class = mrb_class_ptr(self);
+  c = mrb_class_ptr(self);
+  if (mrb->c->ci->acc < 0) {
+    return mrb_yield_with_class(mrb, blk, argc, argv, self, c);
+  }
+  mrb->c->ci->target_class = c;
   return mrb_yield_cont(mrb, blk, self, argc, argv);
 }
 
diff --git a/mrbgems/mruby-object-ext/src/object.c b/mrbgems/mruby-object-ext/src/object.c
index 8d5604cad..31bb689f6 100644
--- a/mrbgems/mruby-object-ext/src/object.c
+++ b/mrbgems/mruby-object-ext/src/object.c
@@ -101,18 +101,9 @@ mrb_obj_instance_exec(mrb_state *mrb, mrb_value self)
   struct RClass *c;
 
   mrb_get_args(mrb, "*&!", &argv, &argc, &blk);
-
-  switch (mrb_type(self)) {
-  case MRB_TT_SYMBOL:
-  case MRB_TT_FIXNUM:
-#ifndef MRB_WITHOUT_FLOAT
-  case MRB_TT_FLOAT:
-#endif
-    c = NULL;
-    break;
-  default:
-    c = mrb_class_ptr(mrb_singleton_class(mrb, self));
-    break;
+  c = mrb_singleton_class_ptr(mrb, self);
+  if (mrb->c->ci->acc < 0) {
+    return mrb_yield_with_class(mrb, blk, argc, argv, self, c);
   }
   mrb->c->ci->target_class = c;
   return mrb_yield_cont(mrb, blk, self, argc, argv);
-- 
cgit v1.2.3