string.c: should not taint fstring

* string.c (rb_obj_as_string): fstring should not be infected.
  re-apply r52872 and fix a typo.
  TODO: other frozen strings also may not be.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@52882 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

ChangeLog

@@ -1,3 +1,9 @@
+Fri Dec  4 16:48:19 2015  Nobuyoshi Nakada  <nobu@ruby-lang.org>
+
+	* string.c (rb_obj_as_string): fstring should not be infected.
+	  re-apply r52872 and fix a typo.
+	  TODO: other frozen strings also may not be.
+
 Fri Dec  4 15:21:45 2015  SHIBATA Hiroshi  <hsbt@ruby-lang.org>
 
 	* lib/rubygems: Update to RubyGems 2.5.0+ HEAD(fdab4c4).

KNOWNBUGS.rb

@@ -3,12 +3,3 @@
 # So all tests will cause failure.
 #
 
-assert_equal 'false', %q{
-  x = Object.new.taint
-  class << x
-    def to_s; "foo".freeze; end
-  end
-  x.taint
-  [x].join("")
-  eval '"foo".freeze.tainted?'
-}

string.c

@@ -1247,7 +1247,9 @@ rb_obj_as_string(VALUE obj)
     str = rb_funcall(obj, idTo_s, 0);
     if (!RB_TYPE_P(str, T_STRING))
 	return rb_any_to_s(obj);
-    OBJ_INFECT(str, obj);
+    if (!FL_TEST_RAW(str, RSTRING_FSTR) && FL_ABLE(obj))
+	/* fstring must not be tainted, at least */
+	OBJ_INFECT_RAW(str, obj);
     return str;
 }
 

test/ruby/test_object.rb

@@ -755,6 +755,16 @@ class TestObject < Test::Unit::TestCase
       end
     EOS
     assert_match(/\bToS\u{3042}:/, x)
+
+    name = "X".freeze
+    x = Object.new.taint
+    class<<x;self;end.class_eval {define_method(:to_s) {name}}
+    assert_same(name, x.to_s)
+    assert_not_predicate(name, :tainted?)
+    assert_raise(RuntimeError) {name.taint}
+    assert_equal("X", [x].join(""))
+    assert_not_predicate(name, :tainted?)
+    assert_not_predicate(eval('"X".freeze'), :tainted?)
   end
 
   def test_inspect