-rw-r--r--ChangeLog7
-rw-r--r--lib/pp.rb6
-rw-r--r--test/ruby/test_object.rb36
-rw-r--r--version.h2
4 files changed, 47 insertions, 4 deletions
diff --git a/ChangeLog b/ChangeLog
index b470262762..10307b8678 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+Wed Aug 5 01:38:27 2009 Yusuke Endoh <mame@tsg.ne.jp>
+
+ * lib/pp.rb (guard_inspect_key): untrust internal hash to prevent
+ unexpected SecurityError.
+
+ * test/ruby/test_object.rb: add a test for [ruby-dev:38982].
+
Tue Aug 4 22:10:34 2009 NAKAMURA Usaku <usa@ruby-lang.org>
* win32/win32.c (has_redirection): need to execute shell if commandline
diff --git a/lib/pp.rb b/lib/pp.rb
index 41f51b0046..d29dd299cf 100644
--- a/lib/pp.rb
+++ b/lib/pp.rb
@@ -107,17 +107,17 @@ class PP < PrettyPrint
module PPMethods
def guard_inspect_key
if Thread.current[:__recursive_key__] == nil
- Thread.current[:__recursive_key__] = {}
+ Thread.current[:__recursive_key__] = {}.untrust
end
if Thread.current[:__recursive_key__][:inspect] == nil
- Thread.current[:__recursive_key__][:inspect] = {}
+ Thread.current[:__recursive_key__][:inspect] = {}.untrust
end
save = Thread.current[:__recursive_key__][:inspect]
begin
- Thread.current[:__recursive_key__][:inspect] = {}
+ Thread.current[:__recursive_key__][:inspect] = {}.untrust
yield
ensure
Thread.current[:__recursive_key__][:inspect] = save
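Review bot: The three `{}.untrust` calls carry no comment saying why the recursion-guard table has to be untrusted, and the nil checks only mark hashes that this method creates itself. If other code has already stored a trusted hash under `Thread.current[:__recursive_key__]`, the writes to `[:inspect]` further down in this hunk would presumably still raise SecurityError under `$SAFE = 4`; this is worth confirming against whatever else populates that key. I would add a comment above the first assignment such as `# untrusted so that code running at $SAFE = 4 can still update the guard table`, and state there that the table is thereby writable from sandboxed code. guard_inspect_key continues past the end of the hunk.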
diff --git a/test/ruby/test_object.rb b/test/ruby/test_object.rb
index 2116c6a216..14f189685b 100644
--- a/test/ruby/test_object.rb
+++ b/test/ruby/test_object.rb
@@ -405,4 +405,40 @@ class TestObject < Test::Unit::TestCase
assert_equal(true, s.untrusted?)
assert_equal(true, s.tainted?)
end
+
+ def test_exec_recursive
+ Thread.current[:__recursive_key__] = nil
+ a = [[]]
+ a.inspect
+
+ assert_nothing_raised do
+ -> do
+ $SAFE = 4
+ begin
+ a.hash
+ rescue ArgumentError
+ end
+ end.call
+ end
+
+ -> do
+ assert_nothing_raised do
+ $SAFE = 4
+ a.inspect
+ end
+ end.call
+
+ -> do
+ o = Object.new
+ def o.to_ary(x); end
+ def o.==(x); $SAFE = 4; false; end
+ a = [[o]]
+ b = []
+ b << b
+
+ assert_nothing_raised do
+ b == a
+ end
+ end.call
+ end
end
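Review bot: test_exec_recursive never loads or calls pp, so the `guard_inspect_key` change in lib/pp.rb appears to have no coverage here; the three lambdas exercise only `a.hash`, `a.inspect` and `b == a`. A fourth case that pretty-prints a nested array after `$SAFE = 4` would pin the pp fix. The test also sets `Thread.current[:__recursive_key__] = nil` on its first line without restoring the previous value, so it would be cleaner to save that value and put it back in an `ensure`. The bare `rescue ArgumentError` in the first lambda deserves a short comment saying why that error is expected.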
diff --git a/version.h b/version.h
index 553a50f7ea..4cd151c7a0 100644
--- a/version.h
+++ b/version.h
@@ -1,5 +1,5 @@
#define RUBY_VERSION "1.9.1"
-#define RUBY_PATCHLEVEL 270
+#define RUBY_PATCHLEVEL 271
#define RUBY_VERSION_MAJOR 1
#define RUBY_VERSION_MINOR 9
#define RUBY_VERSION_TEENY 1