From ab63ee61ca2c130907d68d656ff7486ec2d29db8 Mon Sep 17 00:00:00 2001
From: "Yukihiro \"Matz\" Matsumoto" <matz@ruby-lang.org>
Date: Mon, 3 Apr 2017 18:47:38 +0900
Subject: Fixed out-of-bounds access of `ensure[]`; ref #3491

---
 src/vm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/vm.c b/src/vm.c
index 87262f1be..bb4023da2 100644
--- a/src/vm.c
+++ b/src/vm.c
@@ -1142,7 +1142,7 @@ RETRY_TRY_BLOCK:
 
       p = mrb_closure_new(mrb, irep->reps[GETARG_Bx(i)]);
       /* push ensure_stack */
-      if (mrb->c->esize <= mrb->c->ci->eidx) {
+      if (mrb->c->esize <= mrb->c->ci->eidx+1) {
         if (mrb->c->esize == 0) mrb->c->esize = 16;
         else mrb->c->esize *= 2;
         mrb->c->ensure = (struct RProc **)mrb_realloc(mrb, mrb->c->ensure, sizeof(struct RProc*) * mrb->c->esize);
-- 
cgit v1.2.3