From e0931126ffcfd13af42c0a7ce4a37cc73f4223da Mon Sep 17 00:00:00 2001
From: "Yukihiro \"Matz\" Matsumoto" <matz@ruby-lang.org>
Date: Thu, 25 May 2017 14:12:16 +0900
Subject: Check env stack length before `OP_SETUPVAR`; ref #3643

---
 src/vm.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'src/vm.c')

diff --git a/src/vm.c b/src/vm.c
index 10c711a49..b3e06cb54 100644
--- a/src/vm.c
+++ b/src/vm.c
@@ -1084,8 +1084,11 @@ RETRY_TRY_BLOCK:
       if (e) {
         mrb_value *regs_a = regs + GETARG_A(i);
         int idx = GETARG_B(i);
-        e->stack[idx] = *regs_a;
-        mrb_write_barrier(mrb, (struct RBasic*)e);
+
+        if (idx < MRB_ENV_STACK_LEN(e)) {
+          e->stack[idx] = *regs_a;
+          mrb_write_barrier(mrb, (struct RBasic*)e);
+        }
       }
       NEXT;
     }
-- 
cgit v1.2.3