*, z = 1 breaks stack consistency

e$B1sF#$H?=$7$^$9!#e(B

1.9 e$B$,0J2<$GMn$A$^$9!#e(B

$ ./ruby -e ‘while true; *, z = 1; break; end’
-e:1: [BUG] Stack consistency error (sp: 8, bp: 7)
ruby 1.9.0 (2007-12-29 revision 0) [i686-linux]

– control frame ----------
c:0003 p:0018 s:0008 b:0007 l:000006 d:000006 TOP -e:1
c:0002 p:---- s:0004 b:0004 l:000003 d:000003 FINISH :inherited
c:0001 p:0000 s:0002 b:0002 l:000001 d:000001 TOP :17

– backtrace of native function call (Use addr2line) –
0x80eda15
0x810c3be
0x810c41b
0x80eac76
0x80eb454
0x80eb78b
0x805a3f9
0x805e2e0
0x8057f51
0xb7e03ea8
0x8057e61

e$B%"%!<%H$7$^$7$?e(B

expandarray e$B$Ne(B sp e$B$ND4@0$,$*$+$7$$$H;W$$$^$9!#e(Bvm_expandarray
e$B$G$Oe(B
sp += num + is_splat e$B$H$7$F$$$k$@$1$J$N$G!"F1$8$h$&$K$9$Y$-$G$Oe(B
e$B$J$$$G$7$g$&$+!#e(B

Index: insns.def

— insns.def (revision 14780)
+++ insns.def (working copy)
@@ -451,7 +451,7 @@
expandarray
(rb_num_t num, rb_num_t flag)
(…, VALUE ary)
-(…) // inc += flag == 0x02 ? num : ((num > 0) ? num - 1 + (flag ? 1
: 0) : num + 1 - (flag ? 1 : 0));
+(…) // inc += num - 1 + (flag & 1 ? 1 : 0);
{
vm_expandarray(GET_CFP(), ary, num, flag);
}