Return nil when argument to ObjectSpace.internal_class_of is T_IMEMO

The added test case crashes the interpreter because it makes ObjectSpace.internal_class_of return the second VALUE slot of an AST imemo object. The second VALUE slot of `struct rb_ast_struct` is not a VALUE and not a pointer to a Ruby object.
Merged: https://github.com/ruby/ruby/pull/3503
2022-11-09 12:17:21 -05:00 · 2020-09-01 23:13:54 -04:00 · 2020-09-01 23:13:54 -04:00 · 24820d508b · 2020-09-26 01:28:14 +09:00
commit 24820d508b
parent 3a00f2a0f4
2 changed files with 12 additions and 2 deletions
--- a/ext/objspace/objspace.c
+++ b/ext/objspace/objspace.c
@ -895,8 +895,13 @@ objspace_internal_class_of(VALUE self, VALUE obj)
 	obj = (VALUE)DATA_PTR(obj);
    }

-    klass = CLASS_OF(obj);
-    return wrap_klass_iow(klass);
+    if (RB_TYPE_P(obj, T_IMEMO)) {
+        return Qnil;
+    }
+    else {
+        klass = CLASS_OF(obj);
+        return wrap_klass_iow(klass);
+    }
 }

 /*
--- a/test/objspace/test_objspace.rb
+++ b/test/objspace/test_objspace.rb
@ -516,6 +516,11 @@ class TestObjSpace < Test::Unit::TestCase
    assert_operator i, :>, 0
  end

+  def test_internal_class_of_on_ast
+    children = ObjectSpace.reachable_objects_from(RubyVM::AbstractSyntaxTree.parse("kadomatsu"))
+    children.each {|child| ObjectSpace.internal_class_of(child).itself} # this used to crash
+  end
+
  def traverse_super_classes klass
    while klass
      klass = ObjectSpace.internal_super_of(klass)