From a2b27485c1cb4014e41c366e6447382f414360ba Mon Sep 17 00:00:00 2001
From: rhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Tue, 6 Dec 2016 06:14:17 +0000
Subject: re.c: check that MatchData is initialized

Follow r16757 ("* re.c: fix SEGV by Regexp.allocate.names,
Match.allocate.names, etc.", 2008-06-02). Don't do null dereference if
MatchData#hash or #== is called against an uninitialized instance.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56994 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 re.c                     | 5 ++++-
 test/ruby/test_regexp.rb | 1 +
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/re.c b/re.c
index 9fec950ed9..069a9bc15d 100644
--- a/re.c
+++ b/re.c
@@ -2948,8 +2948,10 @@ static VALUE
 match_hash(VALUE match)
 {
     const struct re_registers *regs;
-    st_index_t hashval = rb_hash_start(rb_str_hash(RMATCH(match)->str));
+    st_index_t hashval;
 
+    match_check(match);
+    hashval = rb_hash_start(rb_str_hash(RMATCH(match)->str));
     hashval = rb_hash_uint(hashval, reg_hash(RMATCH(match)->regexp));
     regs = RMATCH_REGS(match);
     hashval = rb_hash_uint(hashval, regs->num_regs);
@@ -2974,6 +2976,7 @@ match_equal(VALUE match1, VALUE match2)
     const struct re_registers *regs1, *regs2;
     if (match1 == match2) return Qtrue;
     if (!RB_TYPE_P(match2, T_MATCH)) return Qfalse;
+    if (!RMATCH(match1)->regexp || !RMATCH(match2)->regexp) return Qfalse;
     if (!rb_str_equal(RMATCH(match1)->str, RMATCH(match2)->str)) return Qfalse;
     if (!rb_reg_equal(RMATCH(match1)->regexp, RMATCH(match2)->regexp)) return Qfalse;
     regs1 = RMATCH_REGS(match1);
diff --git a/test/ruby/test_regexp.rb b/test/ruby/test_regexp.rb
index d95f9d7dd4..6039eaf8e2 100644
--- a/test/ruby/test_regexp.rb
+++ b/test/ruby/test_regexp.rb
@@ -946,6 +946,7 @@ class TestRegexp < Test::Unit::TestCase
     assert_raise(TypeError) { Regexp.allocate.names }
     assert_raise(TypeError) { Regexp.allocate.named_captures }
 
+    assert_raise(TypeError) { MatchData.allocate.hash }
     assert_raise(TypeError) { MatchData.allocate.regexp }
     assert_raise(TypeError) { MatchData.allocate.names }
     assert_raise(TypeError) { MatchData.allocate.size }
-- 
cgit v1.2.3