[CVE-2018-11743] Should not call `initialize_copy` for `TT_ICLASS

detected by AVAS

https://github.com/mruby/mruby/commit/b64ce17852b180dfeea81cf458660be41a78974d

Change-Id: I315057bcae125e6b02a9d9549584df428a4ed15c

diff --git a/third-party/mruby/src/kernel.c b/third-party/mruby/src/kernel.c
index e9dc93b..1d88006 100644 (file)
--- a/third-party/mruby/src/kernel.c
+++ b/third-party/mruby/src/kernel.c
@@ -279,6 +279,9 @@ static void
 init_copy(mrb_state *mrb, mrb_value dest, mrb_value obj)
 {
   switch (mrb_type(obj)) {
+    case MRB_TT_ICLASS:
+      copy_class(mrb, dest, obj);
+      return;
     case MRB_TT_CLASS:
     case MRB_TT_MODULE:
       copy_class(mrb, dest, obj);