From 77a5f5b57b3aed623a7aaed65e03f3ebc4070137 Mon Sep 17 00:00:00 2001
From: glass <glass@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Fri, 15 Nov 2013 15:29:23 +0000
Subject: [PATCH]  * eval_jump.c (rb_exec_end_proc): fix double free or
 corruption error    when reentering by callcc. [ruby-core:58329] [Bug #9110]

 * test/ruby/test_beginendblock.rb: test for above.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@43685 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 ChangeLog                       |  7 +++++++
 eval_jump.c                     | 17 +++++++++++++++--
 test/ruby/test_beginendblock.rb | 12 ++++++++++++
 3 files changed, 34 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 19711c55d1..c1e5c4df01 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+Sat Nov 16 00:18:36 2013  Masaki Matsushita  <glass.saga@gmail.com>
+
+	* eval_jump.c (rb_exec_end_proc): fix double free or corruption error
+	  when reentering by callcc. [ruby-core:58329] [Bug #9110]
+
+	* test/ruby/test_beginendblock.rb: test for above.
+
 Fri Nov 15 22:21:34 2013  Nobuyoshi Nakada  <nobu@ruby-lang.org>
 
 	* hash.c (hash_foreach_iter, hash_foreach_ensure, rb_hash_foreach):
diff --git a/eval_jump.c b/eval_jump.c
index 092ab8766a..fc8a830575 100644
--- a/eval_jump.c
+++ b/eval_jump.c
@@ -97,6 +97,8 @@ void
 rb_exec_end_proc(void)
 {
     struct end_proc_data *volatile link;
+    struct end_proc_data *ephemeral_end_procs_head = ephemeral_end_procs;
+    struct end_proc_data *end_procs_head = end_procs;
     int status;
     volatile int safe = rb_safe_level();
     rb_thread_t *th = GET_THREAD();
@@ -116,7 +118,6 @@ rb_exec_end_proc(void)
 	    error_handle(status);
 	    if (!NIL_P(th->errinfo)) errinfo = th->errinfo;
 	}
-	xfree(link);
     }
 
     while (end_procs) {
@@ -133,8 +134,20 @@ rb_exec_end_proc(void)
 	    error_handle(status);
 	    if (!NIL_P(th->errinfo)) errinfo = th->errinfo;
 	}
-	xfree(link);
     }
+
+    link = ephemeral_end_procs_head;
+    while (link) {
+	xfree(link);
+	link = link->next;
+    }
+
+    link = end_procs_head;
+    while (link) {
+	xfree(link);
+	link = link->next;
+    }
+
     rb_set_safe_level_force(safe);
     th->errinfo = errinfo;
 }
diff --git a/test/ruby/test_beginendblock.rb b/test/ruby/test_beginendblock.rb
index 0543476875..4e9a4b72b9 100644
--- a/test/ruby/test_beginendblock.rb
+++ b/test/ruby/test_beginendblock.rb
@@ -173,4 +173,16 @@ EOW
       assert_equal(["", "", 42], [out, err, status.exitstatus], "#{bug5218}: #{ex}")
     end
   end
+
+  def test_callcc_at_exit
+    bug9110 = '[ruby-core:58329][Bug #9110]'
+    ruby = EnvUtil.rubybin
+    script = <<EOS
+require "continuation"
+c = nil
+at_exit { c.call }
+at_exit { callcc {|_c| c = _c } }
+EOS
+    assert system(ruby, "-e", script)
+  end
 end