From 40869aa9fc8ab194813b850071a43a5a52aff7d8 Mon Sep 17 00:00:00 2001
From: Eric Wong
Date: Tue, 9 Aug 2011 03:48:59 +0000
Subject: json/generator: enforce Strings for fbuffer_append_str

"to_s" is not guaranteed to return a string and calling RSTRING_
macros on them blindly can cause bus errors/segfaults.

Found by nobu: [ruby-core:38867]
---
 ext/json/ext/generator/generator.c |  2 +-
 tests/test_json_generate.rb        | 21 +++++++++++++++++++++
 2 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/ext/json/ext/generator/generator.c b/ext/json/ext/generator/generator.c
index a75118a..b410eb7 100644
--- a/ext/json/ext/generator/generator.c
+++ b/ext/json/ext/generator/generator.c
@@ -351,7 +351,7 @@ static void fbuffer_append(FBuffer *fb, const char *newstr, unsigned long len)
 
 static void fbuffer_append_str(FBuffer *fb, VALUE str)
 {
-    const char *newstr = RSTRING_PTR(str);
+    const char *newstr = StringValuePtr(str);
     unsigned long len = RSTRING_LEN(str);
 
     RB_GC_GUARD(str);
diff --git a/tests/test_json_generate.rb b/tests/test_json_generate.rb
index bc4e395..368a27e 100755
--- a/tests/test_json_generate.rb
+++ b/tests/test_json_generate.rb
@@ -190,4 +190,25 @@ EOT
   ensure
     GC.stress = stress
   end if GC.respond_to?(:stress=)
+
+
+  def test_broken_bignum # [ruby-core:38867]
+    pid = fork do
+      Bignum.class_eval do
+        def to_s
+        end
+      end
+      begin
+        JSON::Ext::Generator::State.new.generate(1<<64)
+        exit 1
+      rescue TypeError
+        exit 0
+      end
+    end
+    _, status = Process.waitpid2(pid)
+    assert status.success?
+  rescue NotImplementedError
+    # forking to avoid modifying core class of a parent process and
+    # introducing race conditions of tests are run in parallel
+  end
 end
-- 
cgit v1.2.3-24-ge0c7
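Review bot: The new `StringValuePtr(str)` call can raise TypeError, which turns fbuffer_append_str from a plain buffer append into a function with a non-local exit, and nothing in the hunk documents that; a comment above the signature would help callers, e.g. `/* str is coerced with to_str and a TypeError is raised for non-Strings, so callers must not hold unprotected resources across this call */`. StringValuePtr takes the address of the local `str`, so the following `RSTRING_LEN(str)` sees the coerced object, which is correct. If any caller allocates the FBuffer without an ensure handler, the raise path would leak it; those callers are not visible from this hunk, so this is worth confirming. The body of fbuffer_append_str continues past the end of the hunk.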
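Review bot: The trailing comment in test_broken_bignum reads `race conditions of tests are run in parallel`; it should be `# introducing race conditions if tests are run in parallel`. The `rescue NotImplementedError` around the whole method makes the test pass silently on platforms without fork; the file already guards a method with `end if GC.respond_to?(:stress=)`, so `end if Process.respond_to?(:fork)` would follow the same style, though whether fork is undefined or raises depends on the Ruby version being targeted. The child's `exit 1`/`exit 0` split only distinguishes TypeError from a clean return, but a crash in the child also yields a non-success status, so the assertion does cover the segfault case the commit message describes.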