From 3fe939564fc5f4dde52a6b9bc385e558e3423256 Mon Sep 17 00:00:00 2001
From: nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Fri, 1 Feb 2013 07:35:37 +0000
Subject: [PATCH] marshal.c: prohibit_ivar

* marshal.c (r_object0): prohibit setting instance variables of
  exising class/module.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@39003 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 ChangeLog                 |  5 +++++
 marshal.c                 | 10 ++++++++++
 test/ruby/test_marshal.rb | 14 +++++++++++++-
 3 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 49f89c23ae..1bb0e209f5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+Fri Feb  1 16:35:34 2013  Nobuyoshi Nakada  <nobu@ruby-lang.org>
+
+	* marshal.c (r_object0): prohibit setting instance variables of
+	  exising class/module.
+
 Fri Feb  1 14:34:29 2013  Shugo Maeda  <shugo@ruby-lang.org>
 
 	* ext/readline/extconf.rb, ext/readline/readline.c: check
diff --git a/marshal.c b/marshal.c
index 4774b8a173..e57c15ca88 100644
--- a/marshal.c
+++ b/marshal.c
@@ -1434,6 +1434,13 @@ append_extmod(VALUE obj, VALUE extmod)
     return obj;
 }
 
+#define prohibit_ivar(type, str) do { \
+	if (!ivp || !*ivp) break; \
+	rb_raise(rb_eTypeError, \
+		 "can't override instance variable of "type" `%"PRIsVALUE"'", \
+		 (str)); \
+    } while (0)
+
 static VALUE
 r_object0(struct load_arg *arg, int *ivp, VALUE extmod)
 {
@@ -1802,6 +1809,7 @@ r_object0(struct load_arg *arg, int *ivp, VALUE extmod)
 	    VALUE str = r_bytes(arg);
 
 	    v = rb_path_to_class(str);
+	    prohibit_ivar("class/module", str);
 	    v = r_entry(v, arg);
             v = r_leave(v, arg);
 	}
@@ -1812,6 +1820,7 @@ r_object0(struct load_arg *arg, int *ivp, VALUE extmod)
 	    VALUE str = r_bytes(arg);
 
 	    v = path2class(str);
+	    prohibit_ivar("class", str);
 	    v = r_entry(v, arg);
             v = r_leave(v, arg);
 	}
@@ -1822,6 +1831,7 @@ r_object0(struct load_arg *arg, int *ivp, VALUE extmod)
 	    VALUE str = r_bytes(arg);
 
 	    v = path2module(str);
+	    prohibit_ivar("module", str);
 	    v = r_entry(v, arg);
             v = r_leave(v, arg);
 	}
diff --git a/test/ruby/test_marshal.rb b/test/ruby/test_marshal.rb
index 8a10ded463..4dcdb605ab 100644
--- a/test/ruby/test_marshal.rb
+++ b/test/ruby/test_marshal.rb
@@ -62,8 +62,8 @@ class TestMarshal < Test::Unit::TestCase
 
   def test_struct_invalid_members
     TestMarshal.const_set :StructInvalidMembers, Struct.new(:a)
-    Marshal.load("\004\bIc&TestMarshal::StructInvalidMembers\006:\020__members__\"\bfoo")
     assert_raise(TypeError, "[ruby-dev:31759]") {
+      Marshal.load("\004\bIc&TestMarshal::StructInvalidMembers\006:\020__members__\"\bfoo")
       TestMarshal::StructInvalidMembers.members
     }
   end
@@ -538,4 +538,16 @@ class TestMarshal < Test::Unit::TestCase
     assert_equal(obj, loaded, bug7627)
     assert_nil(loaded.foo, bug7627)
   end
+
+  def test_class_ivar
+    assert_raise(TypeError) {Marshal.load("\x04\x08Ic\x1bTestMarshal::TestClass\x06:\x0e@ivar_bug\"\x08bug")}
+    assert_raise(TypeError) {Marshal.load("\x04\x08IM\x1bTestMarshal::TestClass\x06:\x0e@ivar_bug\"\x08bug")}
+    assert_not_operator(TestClass, :instance_variable_defined?, :@bug)
+  end
+
+  def test_module_ivar
+    assert_raise(TypeError) {Marshal.load("\x04\x08Im\x1cTestMarshal::TestModule\x06:\x0e@ivar_bug\"\x08bug")}
+    assert_raise(TypeError) {Marshal.load("\x04\x08IM\x1cTestMarshal::TestModule\x06:\x0e@ivar_bug\"\x08bug")}
+    assert_not_operator(TestModule, :instance_variable_defined?, :@bug)
+  end
 end