From: ko1@...
Date: 2015-08-03T06:13:25+00:00
Subject: [ruby-core:70227] [Ruby trunk - Bug #11409] {instance, module}_eval(&:foo) segfaults since r51243.

Issue #11409 has been updated by Koichi Sasada.


Thank you for reporting a bug and your detailed analysis.
They help me very much.

In this case, I believe `obj' should be Qfalse or T_IMEMO objects. So that we clear by Qfalse intead of Qnil.

Reproducible code:

```ruby
class Foo
end

Foo.instance_eval(&:p)
```

A patch:

```
Index: proc.c
===================================================================
--- proc.c	(revision 51472)
+++ proc.c	(working copy)
@@ -670,7 +670,7 @@ rb_block_clear_env_self(VALUE proc)
     rb_env_t *env;
     GetProcPtr(proc, po);
     GetEnvPtr(rb_vm_proc_envval(po), env);
-    env->env[0] = Qnil;
+    env->env[0] = Qfalse;
     return proc;
 }
 
```


----------------------------------------
Bug #11409: {instance,module}_eval(&:foo) segfaults since r51243.
https://bugs.ruby-lang.org/issues/11409#change-53655

* Author: D.E. Akers
* Status: Assigned
* Priority: Normal
* Assignee: Koichi Sasada
* ruby -v: ruby 2.3.0dev (2015-08-02 trunk 51469) [x86_64-linux]
* Backport: 
----------------------------------------
The segfault only occurs when the argument is a `#to_proc`'d Symbol, and the receiver needn't actually respond to the named method.

This bug was introduced in [a rather large patch](http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=51243), and should almost certainly be fixed in one of the files modified therein. That said, I've discovered that removing the call to `rb_block_clear_env_self()` in `sym_to_proc()` prevents the segfault, as does setting `env->env[0]` to `Qfalse` rather than `Qnil` in `rb_block_clear_env_self()`. Neither of those is a proper fix, of course, but I hope this information may be of use to somebody more intimately familiar with Ruby's internals.



-- 
https://bugs.ruby-lang.org/