Ruby » Ruby master

String#b: Don't depend on dependent string

Registering a string that depend on a dependent string as fstring
can lead to use-after-free. See c06ddfe and 3f95620 for details.

The following script triggers use-after-free on trunk, 2.4.6, 2.5.5
and 2.6.3. Credits to @wanabe (_ wanabe) for using eval as a cross-version way
of registering a fstring.

a = ('j' * 24).b.b
eval('', binding, a)

p a
4.times { GC.start }
p a

• string.c (str_replace_shared_without_enc): when given a
  dependent string, depend on the root of the dependent
  string.

[Bug #15934]