ruby-changes:53807
From: mame <ko1@a...>
Date: Tue, 27 Nov 2018 16:34:25 +0900 (JST)
Subject: [ruby-changes:53807] mame:r66025 (trunk): compile.c: prevent out-of-bound initialization of coverage counters
mame 2018-11-27 16:34:21 +0900 (Tue, 27 Nov 2018) New Revision: 66025 https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=66025 Log: compile.c: prevent out-of-bound initialization of coverage counters The coverage counters is initialized with `counter[lineno - 1] = 0`, but lineno may be 0, which led to write access for index -1. [ruby-core:90085] [Bug#15346] Modified files: trunk/compile.c Index: compile.c =================================================================== --- compile.c (revision 66024) +++ compile.c (revision 66025) @@ -2027,7 +2027,9 @@ iseq_set_sequence(rb_iseq_t *iseq, LINK_ https://github.com/ruby/ruby/blob/trunk/compile.c#L2027 if (ISEQ_LINE_COVERAGE(iseq) && (events & RUBY_EVENT_COVERAGE_LINE) && !(rb_get_coverage_mode() & COVERAGE_TARGET_ONESHOT_LINES)) { int line = iobj->insn_info.line_no; - RARRAY_ASET(ISEQ_LINE_COVERAGE(iseq), line - 1, INT2FIX(0)); + if (line >= 1) { + RARRAY_ASET(ISEQ_LINE_COVERAGE(iseq), line - 1, INT2FIX(0)); + } } if (ISEQ_BRANCH_COVERAGE(iseq) && (events & RUBY_EVENT_COVERAGE_BRANCH)) { while (RARRAY_LEN(ISEQ_PC2BRANCHINDEX(iseq)) <= code_index) { -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
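Review bot: the new guard `if (line >= 1)` in iseq_set_sequence closes only the lower bound of the write. Nothing in the hunk compares `line - 1` against `RARRAY_LEN(ISEQ_LINE_COVERAGE(iseq))`, even though the branch-coverage loop a few lines below does consult `RARRAY_LEN` before touching its array. Either extend the condition to something like `line >= 1 && line <= RARRAY_LEN(ISEQ_LINE_COVERAGE(iseq))`, or add a comment stating why `line_no` can never exceed the length of the coverage array. A short comment on the guard saying when `insn_info.line_no` is 0 would also help, since the counter for such an instruction is now skipped silently. The modified-files list contains only trunk/compile.c, so a regression test for the case in [Bug#15346] would be worth adding alongside this change.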