From 2b9f762ba13cbad50ec33f06a5700f96f0ecbe83 Mon Sep 17 00:00:00 2001
From: "Yukihiro \"Matz\" Matsumoto"
Date: Thu, 30 Nov 2017 08:17:14 +0900
Subject: Avoid double free() of env stack; fix #3860

Should turn on `MRB_ENV_STACK_UNSHARED` flag only after env stack reallocation. `malloc()` may fail.
---
 src/vm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/vm.c b/src/vm.c
index 6ab37ded6..06431b2f0 100644
--- a/src/vm.c
+++ b/src/vm.c
@@ -283,12 +283,12 @@ mrb_env_unshare(mrb_state *mrb, struct REnv *e)
 if (!MRB_ENV_STACK_SHARED_P(e)) return;
 if (e->cxt != mrb->c) return;
 
- MRB_ENV_UNSHARE_STACK(e);
 p = (mrb_value *)mrb_malloc(mrb, sizeof(mrb_value)*len);
 if (len > 0) {
 stack_copy(p, e->stack, len);
 }
 e->stack = p;
+ MRB_ENV_UNSHARE_STACK(e);
 mrb_write_barrier(mrb, (struct RBasic *)e);
 }
 }
-- 
cgit v1.2.3
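Review bot: The moved `MRB_ENV_UNSHARE_STACK(e)` now runs only after `e->stack` points at the heap copy, but nothing in the hunk records that this ordering is load-bearing, so a later edit that hoists the flag back above the `mrb_malloc` call would silently reintroduce the double free; add a comment above the new line such as `/* set UNSHARED only after e->stack owns a heap copy: mrb_malloc may fail before then, and an env marked unshared while still pointing into the VM stack would have that stack freed */`. The fix also relies on `mrb_malloc` not returning to this function on failure, since there is no NULL check on `p`; if it can return NULL, `e->stack = p` followed by the flag leaves an unshared env with a NULL stack, so that contract is worth stating in the same comment. `mrb_env_unshare` begins before the hunk, where `p` and `len` are declared.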