From 3208db7fb3403dfbfd1e81cc4b531f36d5cd5fff Mon Sep 17 00:00:00 2001
From: shyouhei
Date: Mon, 12 Nov 2018 08:14:09 +0000
Subject: [PATCH] vm_insnhelper.c: avoid nevative sp
space_size can be zero here, under the following script. We would better bail out before bptr calculation.
% ./miniruby --dump=i -e '* = nil'
== disasm: #@-e:1 (1,0)-(1,7)> (catch: FALSE)
0000 putnil ( 1)[Li]
0001 dup
0002 expandarray 0, 0
0005 leave
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65685 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 vm_insnhelper.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/vm_insnhelper.c b/vm_insnhelper.c
index e8dd174c9f..7fb18714dd 100644
--- a/vm_insnhelper.c
+++ b/vm_insnhelper.c
@@ -1269,7 +1269,10 @@ vm_expandarray(VALUE *sp, VALUE ary, rb_num_t num, int flag)
 len = (rb_num_t)RARRAY_LEN(ary);
 }
- if (flag & 0x02) {
+ if (space_size == 0) {
+ /* no space left on stack */
+ }
+ else if (flag & 0x02) {
 /* post: ..., nil ,ary[-1], ..., ary[0..-num] # top */
 rb_num_t i = 0, j;
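Review bot: The comment in the new empty branch, `/* no space left on stack */`, reads as if the VM stack were exhausted, whereas the commit message describes space_size being zero, i.e. nothing to write; a comment such as `/* space_size == 0: nothing to expand; must not reach the bptr calculation below */` would tell the next reader why the branch has to stay empty. The diffstat shows only vm_insnhelper.c changed, so the `* = nil` reproducer from the message is not captured as a regression test, and adding it would keep the out-of-range stack pointer case from coming back unnoticed. The declaration of space_size is not visible here; if it is a signed type, it is worth confirming it can never be negative, since the guard tests only `== 0`. vm_expandarray starts and ends outside this hunk, so the bptr expression itself is inferred from the commit message.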