Revert r61936 "compile.c: use ALLOCV_N"

* compile.c (ibf_dump_object_list): `dump->obj_list` is not fixed
  yet, as new objects are pushed by lbf_dump_object_object.
  fixes crash by buffer overflow.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62615 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

2 files changed, 12 insertions, 5 deletions

diff --git a/compile.c b/compile.c
index ba380ab408..33ffe17e54 100644
--- a/compile.c
+++ b/compile.c
@@ -9334,23 +9334,21 @@ ibf_load_object(const struct ibf_load *load, VALUE object_index)
 static void
 ibf_dump_object_list(struct ibf_dump *dump, struct ibf_header *header)
 {
-    VALUE listv;
-    ibf_offset_t *list = ALLOCV_N(ibf_offset_t, listv, RARRAY_LEN(dump->obj_list));
+    VALUE list = rb_ary_tmp_new(RARRAY_LEN(dump->obj_list));
     int i, size;
 
     for (i=0; i<RARRAY_LEN(dump->obj_list); i++) {
 	VALUE obj = RARRAY_AREF(dump->obj_list, i);
 	ibf_offset_t offset = lbf_dump_object_object(dump, obj);
-	list[i] = offset;
+	rb_ary_push(list, UINT2NUM(offset));
     }
     size = i;
     header->object_list_offset = ibf_dump_pos(dump);
 
     for (i=0; i<size; i++) {
-	ibf_offset_t offset = list[i];
+	ibf_offset_t offset = NUM2UINT(RARRAY_AREF(list, i));
 	IBF_WV(offset);
     }
-    ALLOCV_END(listv);
 
     header->object_list_size = size;
 }
diff --git a/test/ruby/test_iseq.rb b/test/ruby/test_iseq.rb
index 6e81c63915..4c811611ba 100644
--- a/test/ruby/test_iseq.rb
+++ b/test/ruby/test_iseq.rb
@@ -395,4 +395,13 @@ class TestISeq < Test::Unit::TestCase
       end
     }
   end
+
+  def test_to_binary_with_objects
+    code = "[]"+100.times.map{|i|"<</#{i}/"}.join
+    bin = assert_nothing_raised {
+      RubyVM::InstructionSequence.compile(code).to_binary
+    }
+    # load_from_binary doesn't work now
+    assert_instance_of(String, bin)
+  end
 end