From d5ac785b315530bcdba7b0a5bf9fd49f1daaaad7 Mon Sep 17 00:00:00 2001
From: Christopher Aue
Date: Sat, 12 Aug 2017 23:59:35 +0200
Subject: Reintroduced not storing converted proc directly in the stack
---
 src/vm.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
(limited to 'src/vm.c')
diff --git a/src/vm.c b/src/vm.c
index 90fa6b3b7..2df465b9d 100644
--- a/src/vm.c
+++ b/src/vm.c
@@ -1345,7 +1345,10 @@ RETRY_TRY_BLOCK:
 else {
 blk = regs[bidx];
 if (!mrb_nil_p(blk) && mrb_type(blk) != MRB_TT_PROC) {
- blk = regs[bidx] = mrb_convert_type(mrb, blk, MRB_TT_PROC, "Proc", "to_proc");
+ /* store the converted proc not directly in the stack because the stack
+ might have been reallocated during mrb_convert_type(), see #3622 */
+ blk = mrb_convert_type(mrb, blk, MRB_TT_PROC, "Proc", "to_proc");
+ regs[bidx] = blk;
 }
 }
 c = mrb_class(mrb, recv);
@@ -1528,7 +1531,10 @@ RETRY_TRY_BLOCK:
 recv = regs[0];
 blk = regs[bidx];
 if (!mrb_nil_p(blk) && mrb_type(blk) != MRB_TT_PROC) {
- blk = regs[bidx] = mrb_convert_type(mrb, blk, MRB_TT_PROC, "Proc", "to_proc");
+ /* store the converted proc not directly in the stack because the stack
+ might have been reallocated during mrb_convert_type(), see #3622 */
+ blk = mrb_convert_type(mrb, blk, MRB_TT_PROC, "Proc", "to_proc");
+ regs[bidx] = blk;
 }
 c = ci->target_class->super;
 m = mrb_method_search_vm(mrb, &c, mid);
--
cgit v1.2.3
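Review bot: The new `regs[bidx] = blk;` in the first hunk (and the identical store in the second hunk, at new line 1531) is only safe if `regs` is re-read from the VM's live stack after `mrb_convert_type()` returns, and neither hunk shows whether `regs` is a macro over the current stack base or a cached local pointer. If it is a cached local, the store still goes through the pre-call pointer into a buffer that may have been freed by the reallocation, which is the same dangling write as before, so `regs` would have to be refreshed between the call and the store. The comment would also read better if it named the hazard rather than the workaround, e.g. `/* call first, then index regs: to_proc may reallocate the stack, and the address of regs[bidx] must not be computed before the call (#3622) */`. Since the same four lines now appear twice, a small static helper taking `mrb` and `bidx` would keep the two call sites from drifting apart. Both enclosing opcode bodies start and end outside the hunks.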