From 787a90cdc5fb62568de0e1142f19effacec55482 Mon Sep 17 00:00:00 2001
From: nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Sat, 21 Dec 2013 14:51:01 +0000
Subject: [PATCH] merge revision(s) 43685,43690,43705: [Backport #9110]

	* eval_jump.c (rb_exec_end_proc): fix double free or corruption error
	  when reentering by callcc. [ruby-core:58329] [Bug #9110]

	* test/ruby/test_beginendblock.rb: test for above.

	* eval_jump.c (rb_exec_end_proc): unlink and free procs data before
	  calling for each procs.  [Bug #9110]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_0_0@44325 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 ChangeLog                       | 12 ++++++++++++
 eval_jump.c                     | 12 +++++++++---
 test/ruby/test_beginendblock.rb | 11 +++++++++++
 version.h                       |  2 +-
 4 files changed, 33 insertions(+), 4 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index eae24937a8..237cfa5d2e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,15 @@
+Sat Dec 21 23:13:55 2013  Nobuyoshi Nakada  <nobu@ruby-lang.org>
+
+	* eval_jump.c (rb_exec_end_proc): unlink and free procs data before
+	  calling for each procs.  [Bug #9110]
+
+Sat Dec 21 23:13:55 2013  Masaki Matsushita  <glass.saga@gmail.com>
+
+	* eval_jump.c (rb_exec_end_proc): fix double free or corruption error
+	  when reentering by callcc. [ruby-core:58329] [Bug #9110]
+
+	* test/ruby/test_beginendblock.rb: test for above.
+
 Sat Dec 21 22:55:03 2013  Nobuyoshi Nakada  <nobu@ruby-lang.org>
 
 	* lib/resolv.rb (Resolv::Hosts#lazy_initialize): should not
diff --git a/eval_jump.c b/eval_jump.c
index 092ab8766a..24bf2a2286 100644
--- a/eval_jump.c
+++ b/eval_jump.c
@@ -96,7 +96,8 @@ rb_mark_end_proc(void)
 void
 rb_exec_end_proc(void)
 {
-    struct end_proc_data *volatile link;
+    struct end_proc_data volatile endproc;
+    struct end_proc_data volatile *link;
     int status;
     volatile int safe = rb_safe_level();
     rb_thread_t *th = GET_THREAD();
@@ -105,6 +106,9 @@ rb_exec_end_proc(void)
     while (ephemeral_end_procs) {
 	link = ephemeral_end_procs;
 	ephemeral_end_procs = link->next;
+	endproc = *link;
+	xfree((void *)link);
+	link = &endproc;
 
 	PUSH_TAG();
 	if ((status = EXEC_TAG()) == 0) {
@@ -116,12 +120,14 @@ rb_exec_end_proc(void)
 	    error_handle(status);
 	    if (!NIL_P(th->errinfo)) errinfo = th->errinfo;
 	}
-	xfree(link);
     }
 
     while (end_procs) {
 	link = end_procs;
 	end_procs = link->next;
+	endproc = *link;
+	xfree((void *)link);
+	link = &endproc;
 
 	PUSH_TAG();
 	if ((status = EXEC_TAG()) == 0) {
@@ -133,8 +139,8 @@ rb_exec_end_proc(void)
 	    error_handle(status);
 	    if (!NIL_P(th->errinfo)) errinfo = th->errinfo;
 	}
-	xfree(link);
     }
+
     rb_set_safe_level_force(safe);
     th->errinfo = errinfo;
 }
diff --git a/test/ruby/test_beginendblock.rb b/test/ruby/test_beginendblock.rb
index beb934b1ac..8054f822fc 100644
--- a/test/ruby/test_beginendblock.rb
+++ b/test/ruby/test_beginendblock.rb
@@ -167,4 +167,15 @@ EOW
       assert_equal(["", "", 42], [out, err, status.exitstatus], "#{bug5218}: #{ex}")
     end
   end
+
+  def test_callcc_at_exit
+    bug9110 = '[ruby-core:58329][Bug #9110]'
+    script = <<EOS
+require "continuation"
+c = nil
+at_exit { c.call }
+at_exit { callcc {|_c| c = _c } }
+EOS
+    assert_normal_exit(script, bug9110)
+  end
 end
diff --git a/version.h b/version.h
index a5d48feb22..1ce2bd6c16 100644
--- a/version.h
+++ b/version.h
@@ -1,6 +1,6 @@
 #define RUBY_VERSION "2.0.0"
 #define RUBY_RELEASE_DATE "2013-12-21"
-#define RUBY_PATCHLEVEL 368
+#define RUBY_PATCHLEVEL 369
 
 #define RUBY_RELEASE_YEAR 2013
 #define RUBY_RELEASE_MONTH 12