From 10f7a1373e7e95e7b274517d976feb22ad803158 Mon Sep 17 00:00:00 2001
From: nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Thu, 16 Jul 2015 05:34:27 +0000
Subject: vm.c: fix mark with rewinding cfp

* vm.c (REWIND_CFP): keep the arguments region inside the valid
  value stack.  [ruby-core:69969] [Bug #11352]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51264 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 ChangeLog |  9 +++------
 vm.c      | 17 +++++++----------
 2 files changed, 10 insertions(+), 16 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 3fee4554ae..3e6f0aa445 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,10 +1,7 @@
-Thu Jul 16 14:18:37 2015  Nobuyoshi Nakada  <nobu@ruby-lang.org>
-
-	* vm.c (m_core_hash_merge_ptr): copy the arguments to the machine
-	  stack before rewinding the control frame pointer and leaving the
-	  arguments outside valid region of the value stack.
-	  [ruby-core:69969] [Bug #11352]
+Thu Jul 16 14:34:24 2015  Nobuyoshi Nakada  <nobu@ruby-lang.org>
 
+	* vm.c (REWIND_CFP): keep the arguments region inside the valid
+	  value stack.  [ruby-core:69969] [Bug #11352]
 
 Thu Jul 16 11:38:21 2015  Eric Wong  <e@80x24.org>
 
diff --git a/vm.c b/vm.c
index 372ba8db5b..bbd5320fc9 100644
--- a/vm.c
+++ b/vm.c
@@ -2297,7 +2297,11 @@ vm_define_method(rb_thread_t *th, VALUE obj, ID id, VALUE iseqval,
 
 #define REWIND_CFP(expr) do { \
     rb_thread_t *th__ = GET_THREAD(); \
-    th__->cfp++; expr; th__->cfp--; \
+    VALUE *const curr_sp = (th__->cfp++)->sp; \
+    VALUE *const saved_sp = th__->cfp->sp; \
+    th__->cfp->sp = curr_sp; \
+    expr; \
+    (th__->cfp--)->sp = saved_sp; \
 } while (0)
 
 static VALUE
@@ -2400,7 +2404,6 @@ static VALUE
 core_hash_merge_ary(VALUE hash, VALUE ary)
 {
     core_hash_merge(hash, RARRAY_LEN(ary), RARRAY_CONST_PTR(ary));
-    RB_GC_GUARD(ary);
     return hash;
 }
 
@@ -2408,14 +2411,8 @@ static VALUE
 m_core_hash_merge_ptr(int argc, VALUE *argv, VALUE recv)
 {
     VALUE hash = argv[0];
-    VALUE *args;
-
-    --argc; ++argv;
-    VM_ASSERT(argc <= 256);
-    args = ALLOCA_N(VALUE, argc);
-    MEMCPY(args, argv, VALUE, argc);
-    argv = args;
-    REWIND_CFP(core_hash_merge(hash, argc, argv));
+
+    REWIND_CFP(core_hash_merge(hash, argc-1, argv+1));
 
     return hash;
 }
-- 
cgit v1.2.3