From ab4c7077cc44cd6725625562b7380a44cf462190 Mon Sep 17 00:00:00 2001
From: Yusuke Endoh <mame@ruby-lang.org>
Date: Thu, 1 Dec 2022 01:31:24 +0900
Subject: Prevent segfault in String#scan with ObjectSpace.each_object

Calling `String#scan` without a block creates an incomplete MatchData
object whose `RMATCH(match)->str` is Qfalse. Usually this object is not
leaked, but it was possible to pull it by using ObjectSpace.each_object.

This change hides the internal MatchData object by using rb_obj_hide.

Fixes [Bug #19159]
---
 re.c | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 're.c')

diff --git a/re.c b/re.c
index 15fe10b6af..b1c9dcd340 100644
--- a/re.c
+++ b/re.c
@@ -1739,6 +1739,13 @@ rb_reg_search_set_match(VALUE re, VALUE str, long pos, int reverse, int set_back
     if (set_backref_str) {
         RMATCH(match)->str = rb_str_new4(str);
     }
+    else {
+        /* Note that a MatchData object with RMATCH(match)->str == 0 is incomplete!
+         * We need to hide the object from ObjectSpace.each_object.
+         * https://bugs.ruby-lang.org/issues/19159
+         */
+        rb_obj_hide(match);
+    }
 
     RMATCH(match)->regexp = re;
     rb_backref_set(match);
-- 
cgit v1.2.1