From ff9582833d92521e2c724ca944c618974b0608d8 Mon Sep 17 00:00:00 2001
From: Tatsuhiko Kubo
Date: Tue, 19 Aug 2014 17:34:19 +0900
Subject: Fix error hanldlings in read_irep_record(). read_irep_record_1() and read_irep_record() may return NULL.
---
 src/load.c | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/src/load.c b/src/load.c
index 0a1436c77..9e8325022 100644
--- a/src/load.c
+++ b/src/load.c
@@ -164,11 +164,18 @@ read_irep_record(mrb_state *mrb, const uint8_t *bin, size_t *len, mrb_bool alloc
 mrb_irep *irep = read_irep_record_1(mrb, bin, len, alloc);
 size_t i;
+ if (irep == NULL) {
+ return NULL;
+ }
+
 bin += *len;
 for (i=0; irlen; i++) {
 size_t rlen;
 irep->reps[i] = read_irep_record(mrb, bin, &rlen, alloc);
+ if (irep->reps[i] == NULL) {
+ return NULL;
+ }
 bin += rlen;
 *len += rlen;
 }
-- cgit v1.2.3
From ae306793f231309c12661b111535de6613d5a774 Mon Sep 17 00:00:00 2001
From: Tatsuhiko Kubo
Date: Wed, 20 Aug 2014 04:34:03 +0900
Subject: Use specified macro(NULL) instead of magic-number.
---
 src/class.c | 6 +++---
 src/codegen.c | 2 +-
 src/parse.y | 8 ++++----
 3 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/src/class.c b/src/class.c
index 5ea1f329f..2fa02fa87 100644
--- a/src/class.c
+++ b/src/class.c
@@ -128,7 +128,7 @@ mrb_class_outer_module(mrb_state *mrb, struct RClass *c)
 mrb_value outer;
 outer = mrb_obj_iv_get(mrb, (struct RObject*)c, mrb_intern_lit(mrb, "__outer__"));
- if (mrb_nil_p(outer)) return 0;
+ if (mrb_nil_p(outer)) return NULL;
 return mrb_class_ptr(outer);
 }
@@ -1030,7 +1030,7 @@ mrb_method_search_vm(mrb_state *mrb, struct RClass **cp, mrb_sym mid)
 }
 c = c->super;
 }
- return 0; /* no method */
+ return NULL; /* no method */
 }
 MRB_API struct RProc*
@@ -1295,7 +1295,7 @@ MRB_API struct RClass *
 mrb_class_real(struct RClass* cl)
 {
 if (cl == 0)
- return 0;
+ return NULL;
 while ((cl->tt == MRB_TT_SCLASS) || (cl->tt == MRB_TT_ICLASS)) {
 cl = cl->super;
 }
diff --git a/src/codegen.c b/src/codegen.c
index 7ff911758..268ecf1e8 100644
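Review bot: When a child record fails to load, the new `return NULL;` inside the loop drops `irep` and the children already stored in `irep->reps[0..i-1]` without releasing them, so a truncated or malformed binary (or an allocation failure part-way through) appears to leak the partially built tree. Unless ownership is tracked somewhere not visible in this hunk, release the parent before returning, after making sure the unfilled `reps[i..]` slots are NULL so the release routine does not walk uninitialised pointers; at minimum add `/* TODO: irep and reps[0..i-1] are not released on this path */`. Separately, the signature carries no remaining-size argument, so `bin += rlen` trusts lengths taken from the input; confirm the caller bounds the total size.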
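Review bot: In mrb_class_real the guard still reads `if (cl == 0)` while the return below it now uses NULL, so the function mixes both spellings after this change. `if (cl == NULL) return NULL;` would match the stated intent of the commit. The unbraced two-line form is also easy to break when a statement is added, so bracing it here is cheap.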
--- a/src/codegen.c
+++ b/src/codegen.c
@@ -2470,7 +2470,7 @@ scope_new(mrb_state *mrb, codegen_scope *prev, node *lv)
 mrb_pool *pool = mrb_pool_open(mrb);
 codegen_scope *p = (codegen_scope *)mrb_pool_alloc(pool, sizeof(codegen_scope));
- if (!p) return 0;
+ if (!p) return NULL;
 *p = codegen_scope_zero;
 p->mrb = mrb;
 p->mpool = pool;
diff --git a/src/parse.y b/src/parse.y
index 633d92ad3..03333e808 100644
--- a/src/parse.y
+++ b/src/parse.y
@@ -5365,9 +5365,9 @@ mrb_parser_new(mrb_state *mrb)
 static const parser_state parser_state_zero = { 0 };
 pool = mrb_pool_open(mrb);
- if (!pool) return 0;
+ if (!pool) return NULL;
 p = (parser_state *)mrb_pool_alloc(pool, sizeof(parser_state));
- if (!p) return 0;
+ if (!p) return NULL;
 *p = parser_state_zero;
 p->mrb = mrb;
@@ -5483,7 +5483,7 @@ mrb_parse_file(mrb_state *mrb, FILE *f, mrbc_context *c)
 parser_state *p;
 p = mrb_parser_new(mrb);
- if (!p) return 0;
+ if (!p) return NULL;
 p->s = p->send = NULL;
 p->f = f;
@@ -5498,7 +5498,7 @@ mrb_parse_nstring(mrb_state *mrb, const char *s, int len, mrbc_context *c)
 parser_state *p;
 p = mrb_parser_new(mrb);
- if (!p) return 0;
+ if (!p) return NULL;
 p->s = s;
 p->send = s + len;
-- cgit v1.2.3
From 5ee00453e00d69c17a8c92db56e61ec042665cb0 Mon Sep 17 00:00:00 2001
From: Tatsuhiko Kubo
Date: Wed, 20 Aug 2014 05:07:40 +0900
Subject: Fix error handling for mrb_pool_realloc(). mrb_pool_alloc() may return NULL.
---
 src/pool.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/src/pool.c b/src/pool.c
index 4d8c42dd1..ffddd2552 100644
--- a/src/pool.c
+++ b/src/pool.c
@@ -166,6 +166,9 @@ mrb_pool_realloc(mrb_pool *pool, void *p, size_t oldlen, size_t newlen)
 page = page->next;
 }
 np = mrb_pool_alloc(pool, newlen);
+ if (np == NULL) {
+ return NULL;
+ }
 memcpy(np, p, oldlen);
 return np;
 }
-- cgit v1.2.3
From 53a7549e1c0dd9a189ac40804b2f5f3e600c9e76 Mon Sep 17 00:00:00 2001
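Review bot: In scope_new the early `if (!p) return NULL;` leaves `pool` open: it comes from mrb_pool_open() two lines above and is only stored in `p->mpool` after the check, so on allocation failure the pool appears to be leaked. Unlike mrb_parser_new in the parse.y section of this commit, there is also no `if (!pool)` test before mrb_pool_alloc(); whether that call tolerates a NULL pool is not visible here. Suggested: `if (!pool) return NULL;` after the open and `if (!p) { mrb_pool_close(pool); return NULL; }` for the second check. mrb_parser_new's `if (!p) return NULL;` has the same leak, and scope_new's body continues outside the hunk.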
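Review bot: After the new NULL check, `memcpy(np, p, oldlen)` still copies `oldlen` bytes into a block that was allocated with `newlen`, and nothing in the hunk shows that newlen >= oldlen on this path, so a shrinking realloc would write past `np`. The part of mrb_pool_realloc before the hunk may already handle that case; if it does not, bound the copy with `memcpy(np, p, oldlen < newlen ? oldlen : newlen);`. A short comment stating that a NULL return leaves `p` valid would also help callers avoid overwriting their only pointer with the result.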
From: Tatsuhiko Kubo
Date: Wed, 20 Aug 2014 05:15:21 +0900
Subject: Fix error handling for mrb_open_allocf(). When DISABLE_GEMS is not defined and a return value of mrb_open_core() is NULL, mrb_open_allocf() may cause SEGV.
---
 src/state.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/src/state.c b/src/state.c
index 9c16524f2..8d6993b6f 100644
--- a/src/state.c
+++ b/src/state.c
@@ -110,6 +110,10 @@ mrb_open_allocf(mrb_allocf f, void *ud)
 {
 mrb_state *mrb = mrb_open_core(f, ud);
+ if (mrb == NULL) {
+ return NULL;
+ }
+
 #ifndef DISABLE_GEMS
 mrb_init_mrbgems(mrb);
 mrb_gc_arena_restore(mrb, 0);
-- cgit v1.2.3
From effc44f265c19d25545e01b94831631c3a5bef5f Mon Sep 17 00:00:00 2001
From: Tatsuhiko Kubo
Date: Wed, 20 Aug 2014 05:48:09 +0900
Subject: Fix error handlings for mrb_open_core().
---
 tasks/mrbgem_spec.rake | 1 +
 tasks/mrbgems_test.rake | 4 ++++
 test/init_mrbtest.c | 4 ++++
 3 files changed, 9 insertions(+)
diff --git a/tasks/mrbgem_spec.rake b/tasks/mrbgem_spec.rake
index 1d97e2bbf..95e1c5f02 100644
--- a/tasks/mrbgem_spec.rake
+++ b/tasks/mrbgem_spec.rake
@@ -183,6 +183,7 @@ module MRuby
 def print_gem_test_header(f)
 print_gem_comment(f)
+ f.puts %Q[#include ]
 f.puts %Q[#include ]
 f.puts %Q[#include "mruby.h"]
 f.puts %Q[#include "mruby/irep.h"]
diff --git a/tasks/mrbgems_test.rake b/tasks/mrbgems_test.rake
index f3496dc8d..016379197 100644
--- a/tasks/mrbgems_test.rake
+++ b/tasks/mrbgems_test.rake
@@ -47,6 +47,10 @@ MRuby.each_target do
 g.test_rbfiles.count.times do |i|
 f.puts %Q[ ai = mrb_gc_arena_save(mrb);]
 f.puts %Q[ mrb2 = mrb_open_core(mrb_default_allocf, NULL);]
+ f.puts %Q[ if (mrb2 == NULL) {]
+ f.puts %Q[ fprintf(stderr, "Invalid mrb_state, exiting \%s", __FUNCTION__);]
+ f.puts %Q[ exit(EXIT_FAILURE);]
+ f.puts %Q[ }]
 dep_list.each do |d|
 f.puts %Q[ GENERATED_TMP_mrb_#{d.funcname}_gem_init(mrb2);]
 f.puts %Q[ mrb_state_atexit(mrb2, GENERATED_TMP_mrb_#{d.funcname}_gem_final);]
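Review bot: The generated diagnostic `"Invalid mrb_state, exiting \%s"` has no trailing newline and relies on `__FUNCTION__`, which is a compiler extension; C99's `__func__` is the portable spelling. Inside this %Q[] template the newline must be written escaped so that it reaches the C source as `\n`, e.g. `f.puts %Q[ fprintf(stderr, "Invalid mrb_state, exiting \%s\\n", __func__);]`. The same fprintf line is added to test/init_mrbtest.c and would take the equivalent change there.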
diff --git a/test/init_mrbtest.c b/test/init_mrbtest.c
index 2a32f4930..1e2ba92bd 100644
--- a/test/init_mrbtest.c
+++ b/test/init_mrbtest.c
@@ -18,6 +18,10 @@ mrb_init_mrbtest(mrb_state *mrb)
 mrb_load_irep(mrb, mrbtest_assert_irep);
 core_test = mrb_open_core(mrb_default_allocf, NULL);
+ if (core_test == NULL) {
+ fprintf(stderr, "Invalid mrb_state, exiting %s", __FUNCTION__);
+ exit(EXIT_FAILURE);
+ }
 mrb_init_test_driver(core_test, mrb_test(mrb_gv_get(mrb, mrb_intern_lit(mrb, "$mrbtest_verbose"))));
 mrb_load_irep(core_test, mrbtest_assert_irep);
 mrb_load_irep(core_test, mrbtest_irep);
-- cgit v1.2.3
From ae2d49811a51e38106f34858fd3f4ce24af320c2 Mon Sep 17 00:00:00 2001
From: Tatsuhiko Kubo
Date: Wed, 20 Aug 2014 12:23:26 +0900
Subject: Fix allocation-error-handlings for scope_new().
---
 src/codegen.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/src/codegen.c b/src/codegen.c
index 268ecf1e8..6e81a51bf 100644
--- a/src/codegen.c
+++ b/src/codegen.c
@@ -85,6 +85,7 @@ static void gen_assignment(codegen_scope *s, node *node, int sp, int val);
 static void gen_vmassignment(codegen_scope *s, node *tree, int rhs, int val);
 static void codegen(codegen_scope *s, node *tree, int val);
+static void raise_error(codegen_scope *s, const char *msg);
 static void
 codegen_error(codegen_scope *s, const char *message)
@@ -552,6 +553,10 @@ for_body(codegen_scope *s, node *tree)
 codegen(s, tree->cdr->car, VAL);
 /* generate loop-block */
 s = scope_new(s->mrb, s, NULL);
+ if (s == NULL) {
+ raise_error(s, "unexpected scope");
+ }
+
 push(); /* push for a block parameter */
 lp = loop_push(s, LOOP_FOR);
@@ -589,6 +594,10 @@ lambda_body(codegen_scope *s, node *tree, int blk)
 mrb_code c;
 codegen_scope *parent = s;
 s = scope_new(s->mrb, s, tree->car);
+ if (s == NULL) {
+ raise_error(s, "unexpected scope");
+ }
+
 s->mscope = !blk;
 if (blk) {
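Review bot: The new block calls fprintf() and exit(), but this commit adds no #include to test/init_mrbtest.c: all four inserted lines sit inside mrb_init_mrbtest, while the generated gem test header in tasks/mrbgem_spec.rake does gain one. The top of the file is outside the hunk, so confirm that `<stdio.h>` and `<stdlib.h>` are already included there; otherwise add `#include <stdio.h>` and `#include <stdlib.h>` so the calls are not implicitly declared.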
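Review bot: None of the three new guards stops using the scope that just failed to allocate: in for_body nothing leaves the function after `raise_error(s, "unexpected scope")`, so unless raise_error() never returns (the prototype added above is a plain `static void` and its body is not on this page) control reaches `push()` with `s` still NULL. lambda_body has the same shape and dereferences the pointer directly at `s->mscope = !blk;`, and scope_body hands the NULL `scope` to `codegen(scope, tree->cdr, VAL)`. Each guard should leave its function once the error is reported, e.g. `return;` right after the raise_error() call where the function is void, with the matching error return in the int-returning scope_body. All three functions continue outside their hunks.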
@@ -674,6 +683,9 @@ static int
 scope_body(codegen_scope *s, node *tree, int val)
 {
 codegen_scope *scope = scope_new(s->mrb, s, tree->car);
+ if (scope == NULL) {
+ raise_error(s, "unexpected scope");
+ }
 codegen(scope, tree->cdr, VAL);
 if (!s->iseq) {
-- cgit v1.2.3
From 05ede52239fce58b6a8be4b72d51db10ae1c2632 Mon Sep 17 00:00:00 2001
From: "Yukihiro \"Matz\" Matsumoto"
Date: Wed, 20 Aug 2014 23:38:37 +0900
Subject: should use non NULL scope for raise_error(); ref #2547
---
 src/codegen.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/codegen.c b/src/codegen.c
index 6e81a51bf..48ab63de0 100644
--- a/src/codegen.c
+++ b/src/codegen.c
@@ -554,7 +554,7 @@ for_body(codegen_scope *s, node *tree)
 /* generate loop-block */
 s = scope_new(s->mrb, s, NULL);
 if (s == NULL) {
- raise_error(s, "unexpected scope");
+ raise_error(prev, "unexpected scope");
 }
 push(); /* push for a block parameter */
@@ -595,7 +595,7 @@ lambda_body(codegen_scope *s, node *tree, int blk)
 codegen_scope *parent = s;
 s = scope_new(s->mrb, s, tree->car);
 if (s == NULL) {
- raise_error(s, "unexpected scope");
+ raise_error(parent, "unexpected scope");
 }
 s->mscope = !blk;
-- cgit v1.2.3