From 630733f34698047e3b7b4e66cf929f626123b14e Mon Sep 17 00:00:00 2001
From: "Yukihiro \"Matz\" Matsumoto" <matz@ruby-lang.org>
Date: Wed, 30 Nov 2016 03:38:55 +0900
Subject: check ttype before object allocation; fix #3294

---
 src/gc.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'src')

diff --git a/src/gc.c b/src/gc.c
index ecc09374e..69708e40b 100644
--- a/src/gc.c
+++ b/src/gc.c
@@ -479,6 +479,17 @@ mrb_obj_alloc(mrb_state *mrb, enum mrb_vtype ttype, struct RClass *cls)
   static const RVALUE RVALUE_zero = { { { MRB_TT_FALSE } } };
   mrb_gc *gc = &mrb->gc;
 
+  if (cls) {
+    enum mrb_vtype tt = MRB_INSTANCE_TT(cls);
+    if (tt != MRB_TT_FALSE &&
+        ttype != MRB_TT_SCLASS &&
+        ttype != MRB_TT_ICLASS &&
+        ttype != MRB_TT_ENV &&
+        ttype != tt) {
+      mrb_raisef(mrb, E_TYPE_ERROR, "allocation failure of %S", mrb_obj_value(cls));
+    }
+  }
+
 #ifdef MRB_GC_STRESS
   mrb_full_gc(mrb);
 #endif
-- 
cgit v1.2.3