drbrain	2016-03-17 07:18:12 +0900 (Thu, 17 Mar 2016)

  New Revision: 54136

  https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=54136

  Log:
    * marshal.c (r_object0):  raise ArgumentError when linking to undefined
      object.

  Modified files:
    trunk/ChangeLog
    trunk/marshal.c
    trunk/test/ruby/test_marshal.rb
Index: marshal.c
===================================================================
--- marshal.c	(revision 54135)
+++ marshal.c	(revision 54136)
@@ -1965,6 +1965,11 @@ r_object0(struct load_arg *arg, int *ivp https://github.com/ruby/ruby/blob/trunk/marshal.c#L1965
 	rb_raise(rb_eArgError, "dump format error(0x%x)", type);
 	break;
     }
+
+    if (v == Qundef) {
+	rb_raise(rb_eArgError, "dump format error (bad link)");
+    }
+
     return v;
 }
 
Index: test/ruby/test_marshal.rb
===================================================================
--- test/ruby/test_marshal.rb	(revision 54135)
+++ test/ruby/test_marshal.rb	(revision 54136)
@@ -725,4 +725,16 @@ class TestMarshal < Test::Unit::TestCase https://github.com/ruby/ruby/blob/trunk/test/ruby/test_marshal.rb#L725
     opt = %w[--disable=gems]
     assert_ruby_status(opt, "Marshal.load(#{crash.dump})")
   end
+
+  def test_marshal_load_r_prepare_reference_crash
+    crash = "\x04\bI/\x05\x00\x06:\x06E{\x06@\x05T"
+
+    opt = %w[--disable=gems]
+    assert_ruby_status(opt, <<-RUBY)
+begin
+  Marshal.load(#{crash.dump})
+rescue ArgumentError
+end
+    RUBY
+  end
 end
Index: ChangeLog
===================================================================
--- ChangeLog	(revision 54135)
+++ ChangeLog	(revision 54136)
@@ -1,3 +1,8 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1
+Thu Mar 17 07:17:36 2016  Eric Hodel  <drbrain@s...>
+
+	* marshal.c (r_object0):  raise ArgumentError when linking to undefined
+	  object.
+
 Thu Mar 17 00:45:00 2016  Kenta Murata  <mrkn@m...>
 
 	* test/ruby/test_bignum.rb: Make sure to use Bignum values in the tests.

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/