From cae3905e89ebfbfffa181bf94c3ed4550ef87619 Mon Sep 17 00:00:00 2001
From: nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Fri, 4 Dec 2015 07:48:22 +0000
Subject: [PATCH] string.c: should not taint fstring

* string.c (rb_obj_as_string): fstring should not be infected.
  re-apply r52872 and fix a typo.
  TODO: other frozen strings also may not be.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@52882 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 ChangeLog                |  6 ++++++
 KNOWNBUGS.rb             |  9 ---------
 string.c                 |  4 +++-
 test/ruby/test_object.rb | 10 ++++++++++
 4 files changed, 19 insertions(+), 10 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index d4a740b7fb..24f6a8a07e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+Fri Dec  4 16:48:19 2015  Nobuyoshi Nakada  <nobu@ruby-lang.org>
+
+	* string.c (rb_obj_as_string): fstring should not be infected.
+	  re-apply r52872 and fix a typo.
+	  TODO: other frozen strings also may not be.
+
 Fri Dec  4 15:21:45 2015  SHIBATA Hiroshi  <hsbt@ruby-lang.org>
 
 	* lib/rubygems: Update to RubyGems 2.5.0+ HEAD(fdab4c4).
diff --git a/KNOWNBUGS.rb b/KNOWNBUGS.rb
index d53bdb753b..b97a08d928 100644
--- a/KNOWNBUGS.rb
+++ b/KNOWNBUGS.rb
@@ -3,12 +3,3 @@
 # So all tests will cause failure.
 #
 
-assert_equal 'false', %q{
-  x = Object.new.taint
-  class << x
-    def to_s; "foo".freeze; end
-  end
-  x.taint
-  [x].join("")
-  eval '"foo".freeze.tainted?'
-}
diff --git a/string.c b/string.c
index d1a051b6dd..6d283dd145 100644
--- a/string.c
+++ b/string.c
@@ -1247,7 +1247,9 @@ rb_obj_as_string(VALUE obj)
     str = rb_funcall(obj, idTo_s, 0);
     if (!RB_TYPE_P(str, T_STRING))
 	return rb_any_to_s(obj);
-    OBJ_INFECT(str, obj);
+    if (!FL_TEST_RAW(str, RSTRING_FSTR) && FL_ABLE(obj))
+	/* fstring must not be tainted, at least */
+	OBJ_INFECT_RAW(str, obj);
     return str;
 }
 
diff --git a/test/ruby/test_object.rb b/test/ruby/test_object.rb
index a3c71d605c..29ce7ac76d 100644
--- a/test/ruby/test_object.rb
+++ b/test/ruby/test_object.rb
@@ -755,6 +755,16 @@ class TestObject < Test::Unit::TestCase
       end
     EOS
     assert_match(/\bToS\u{3042}:/, x)
+
+    name = "X".freeze
+    x = Object.new.taint
+    class<<x;self;end.class_eval {define_method(:to_s) {name}}
+    assert_same(name, x.to_s)
+    assert_not_predicate(name, :tainted?)
+    assert_raise(RuntimeError) {name.taint}
+    assert_equal("X", [x].join(""))
+    assert_not_predicate(name, :tainted?)
+    assert_not_predicate(eval('"X".freeze'), :tainted?)
   end
 
   def test_inspect