From aa0fad51482c24ece58ec7186c45fd340b35ecb1 Mon Sep 17 00:00:00 2001
From: Olek Janiszewski <olek@hoteltonight.com>
Date: Fri, 11 Mar 2016 10:20:41 +0100
Subject: Prevent `Marshal.load` from looping infinitely

Fix a bug in `Marshal.load` that caused it to loop indefinitely when
trying to autoload a constant that resolved to a different name.

This could occur when marshalling an ActiveRecord 4.0 object (e.g. into
memcached) and then trying to unmarshal it with Rails 4.2. The
marshalled payload contains a reference to
`ActiveRecord::ConnectionAdapters::Mysql2Adapter::Column`, which in
Rails 4.2 resolves to
`ActiveRecord::ConnectionAdapters::AbstractMysqlAdapter::Column`.
---
 activesupport/lib/active_support/core_ext/marshal.rb | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'activesupport/lib')

diff --git a/activesupport/lib/active_support/core_ext/marshal.rb b/activesupport/lib/active_support/core_ext/marshal.rb
index e333b26133..ca278cb2fa 100644
--- a/activesupport/lib/active_support/core_ext/marshal.rb
+++ b/activesupport/lib/active_support/core_ext/marshal.rb
@@ -5,7 +5,10 @@ module ActiveSupport
     rescue ArgumentError, NameError => exc
       if exc.message.match(%r|undefined class/module (.+)|)
         # try loading the class/module
-        $1.constantize
+        loaded = $1.constantize
+
+        raise unless $1 == loaded.name
+
         # if it is an IO we need to go back to read the object
         source.rewind if source.respond_to?(:rewind)
         retry
-- 
cgit v1.2.3