Issue #7046 has been reported by headius (Charles Nutter).

----------------------------------------
Bug #7046: ERB#run and ERB#result are not safe for concurrent use
https://bugs.ruby-lang.org/issues/7046

Author: headius (Charles Nutter)
Status: Open
Priority: Normal
Assignee: 
Category: lib
Target version: 
ruby -v: 2.0.0.dev


ERB#run and ERB#result both accept an optional binding under which to execute the template. However, if none is given, they both use TOPLEVEL_BINDING by default. Given that by default, the _erbout variable is used for the String into which ERB output gets appended, this causes concurrent template execution on the same thread or separate threads to modify the same buffer. On JRuby, this led to overflow errors when in-progress writes saw their buffers suddenly altered.

This also causes any variables or values evaluated at TOPLEVEL to remain referenced.

I have provided a patch (https://gist.github.com/3764377) that is still very close to the toplevel binding, but instead uses the following logic each call to get a new, isolated binding in which to run the template:

eval "proc{binding}.call", TOPLEVEL_BINDING

This provides visibility to all values at TOPLEVEL, isolates runs to reduce concurrency issues, and guarantees any values stored in the binding will be thrown away after execution.

This fix should be backported to 1.9.3 at minimum.


-- 
http://bugs.ruby-lang.org/