diff --git a/ChangeLog b/ChangeLog
index f593aaa2ef..8e8e05270a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+Tue May 14 20:11:00 2013  CHIKANAGA Tomoyuki  <nagachika@ruby-lang.org>
+
+	* ext/dl/lib/dl/func.rb (DL::Function#call): check tainted when
+	  $SAFE > 0.
+	* ext/fiddle/function.c (function_call): check tainted when $SAFE > 0.
+	* test/fiddle/test_func.rb (module Fiddle): add test for above.
+
+
 Sun May 12 22:42:25 2013  KOSAKI Motohiro  <kosaki.motohiro@gmail.com>
 
 	* signal.c (rb_f_kill): fixes typo. s/HAS_KILLPG/HAVE_KILLPG/.
diff --git a/ext/dl/lib/dl/func.rb b/ext/dl/lib/dl/func.rb
index a2e503835f..543711f651 100644
--- a/ext/dl/lib/dl/func.rb
+++ b/ext/dl/lib/dl/func.rb
@@ -92,6 +92,9 @@ module DL
         super
       else
         funcs = []
+        if $SAFE >= 1 && args.any? { |x| x.tainted? }
+          raise SecurityError, "tainted parameter not allowed"
+        end
         _args = wrap_args(args, @stack.types, funcs, &block)
         r = @cfunc.call(@stack.pack(_args))
         funcs.each{|f| f.unbind_at_call()}
diff --git a/ext/fiddle/function.c b/ext/fiddle/function.c
index c184c78663..eecd755f1f 100644
--- a/ext/fiddle/function.c
+++ b/ext/fiddle/function.c
@@ -126,6 +126,15 @@ function_call(int argc, VALUE argv[], VALUE self)
 
     TypedData_Get_Struct(self, ffi_cif, &function_data_type, cif);
 
+    if (rb_safe_level() >= 1) {
+	for (i = 0; i < argc; i++) {
+	    VALUE src = argv[i];
+	    if (OBJ_TAINTED(src)) {
+		rb_raise(rb_eSecurityError, "tainted parameter not allowed");
+	    }
+	}
+    }
+
     values = xcalloc((size_t)argc + 1, (size_t)sizeof(void *));
     generic_args = xcalloc((size_t)argc, (size_t)sizeof(fiddle_generic));
 
diff --git a/test/fiddle/test_func.rb b/test/fiddle/test_func.rb
index e77229b7e8..92bcd8ed25 100644
--- a/test/fiddle/test_func.rb
+++ b/test/fiddle/test_func.rb
@@ -7,6 +7,16 @@ module Fiddle
       assert_nil f.call(10)
     end
 
+    def test_syscall_with_tainted_string
+      f = Function.new(@libc['system'], [TYPE_VOIDP], TYPE_INT)
+      assert_raises(SecurityError) do
+        Thread.new {
+          $SAFE = 1
+          f.call("uname -rs".taint)
+        }.join
+      end
+    end
+
     def test_sinf
       begin
         f = Function.new(@libm['sinf'], [TYPE_FLOAT], TYPE_FLOAT)
diff --git a/version.h b/version.h
index 7a0bf9893e..571536ade2 100644
--- a/version.h
+++ b/version.h
@@ -1,10 +1,10 @@
 #define RUBY_VERSION "2.0.0"
-#define RUBY_RELEASE_DATE "2013-05-12"
-#define RUBY_PATCHLEVEL 193
+#define RUBY_RELEASE_DATE "2013-05-14"
+#define RUBY_PATCHLEVEL 194
 
 #define RUBY_RELEASE_YEAR 2013
 #define RUBY_RELEASE_MONTH 5
-#define RUBY_RELEASE_DAY 12
+#define RUBY_RELEASE_DAY 14
 
 #include "ruby/version.h"