From 21035c826db5933cf836a4a12fb74b696a76b255 Mon Sep 17 00:00:00 2001
From: Jeremy Evans <code@jeremyevans.net>
Date: Sat, 3 May 2025 11:20:23 -0700
Subject: Handle mutating of array passed to Set.new during iteration

This avoids a heap-use-after-free.

Fixes [Bug #21306]
---
 test/ruby/test_set.rb | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'test/ruby')

diff --git a/test/ruby/test_set.rb b/test/ruby/test_set.rb
index 225b7da78c..2bb7858eb2 100644
--- a/test/ruby/test_set.rb
+++ b/test/ruby/test_set.rb
@@ -643,6 +643,11 @@ class TC_Set < Test::Unit::TestCase
     assert_equal([o], Set.new.merge(a).to_a)
   end
 
+  def test_initialize_mutating_array_bug_21306
+    a = (1..100).to_a
+    assert_equal(Set[0], Set.new(a){a.clear; 0})
+  end
+
   def test_subtract
     set = Set[1,2,3]
 
-- 
cgit v1.2.3