3 files changed, 19 insertions, 2 deletions

diff --git a/ChangeLog b/ChangeLog
index e3af87068c..d38af7085d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+Tue Apr 22 23:14:28 2014  Nobuyoshi Nakada  <nobu@ruby-lang.org>
+
+	* ext/stringio/stringio.c (strio_write): use rb_str_append to
+	  reuse coderange bits and keep taintedness.
+	  [ruby-dev:48118] [Bug #9769]
+
 Tue Apr 22 22:15:51 2014  NAKAMURA Usaku  <usa@ruby-lang.org>
 
 	* file.c (rb_io_statfs): need to define even if the system doesn't have
diff --git a/ext/stringio/stringio.c b/ext/stringio/stringio.c
index e964e79e12..dbd5a287c4 100644
--- a/ext/stringio/stringio.c
+++ b/ext/stringio/stringio.c
@@ -1170,7 +1170,6 @@ strio_write(VALUE self, VALUE str)
     long len, olen;
     rb_encoding *enc, *enc2;
 
-    RB_GC_GUARD(str);
     if (!RB_TYPE_P(str, T_STRING))
 	str = rb_obj_as_string(str);
     enc = rb_enc_get(ptr->string);
@@ -1186,7 +1185,7 @@ strio_write(VALUE self, VALUE str)
 	ptr->pos = olen;
     }
     if (ptr->pos == olen) {
-	rb_enc_str_buf_cat(ptr->string, RSTRING_PTR(str), len, enc);
+	rb_str_append(ptr->string, str);
     }
     else {
 	strio_extend(ptr, ptr->pos, len);
@@ -1194,6 +1193,7 @@ strio_write(VALUE self, VALUE str)
 	OBJ_INFECT(ptr->string, str);
     }
     OBJ_INFECT(ptr->string, self);
+    RB_GC_GUARD(str);
     ptr->pos += len;
     return LONG2NUM(len);
 }
diff --git a/test/stringio/test_stringio.rb b/test/stringio/test_stringio.rb
index c7db91aae1..f4883455f6 100644
--- a/test/stringio/test_stringio.rb
+++ b/test/stringio/test_stringio.rb
@@ -119,6 +119,17 @@ class TestStringIO < Test::Unit::TestCase
     f.close unless f.closed?
   end
 
+  def test_write_infection
+    bug9769 = '[ruby-dev:48118] [Bug #9769]'
+    s = "".untaint
+    f = StringIO.new(s, "w")
+    f.print("bar".taint)
+    f.close
+    assert_predicate(s, :tainted?, bug9769)
+  ensure
+    f.close unless f.closed?
+  end
+
   def test_mode_error
     f = StringIO.new("", "r")
     assert_raise(IOError) { f.write("foo") }