Don't assign the result of mrb_funcall() directly to regs

dearblue · dearblue · commit c52faebb7f64 · 2026-03-24T21:25:46.000+09:00
There are two reasons:

  - If the mruby call stack is extended, the `ci` variable may become invalid.
  - The C language does not specify the order in which the left-hand and right-hand sides of an assignment expression are evaluated.
    Therefore, if the mruby data stack is extended, `ci-&gt;stack` may become invalid.
diff --git a/src/vm.c b/src/vm.c
@@ -3112,7 +3112,9 @@ mrb_vm_exec(mrb_state *mrb, const struct RProc *begin_proc, const mrb_code *iseq
       {                                                                     \
         mrb_value arg = mrb_int_value(mrb, c);                              \
         mrb_sym mid = MRB_OPSYM(op_name);                                   \
-        regs[a] = mrb_funcall_argv(mrb, regs[a], mid, 1, &arg);             \
+        mrb_value v = mrb_funcall_argv(mrb, regs[a], mid, 1, &arg);         \
+        ci = mrb->c->ci;                                                    \
+        regs[a] = v;                                                        \
         mrb_gc_arena_restore(mrb, ai);                                      \
       }                                                                     \
       break;                                                                \
