From 472740de4184c214dfaaf6189fe3bb1b17a15ecc Mon Sep 17 00:00:00 2001
From: Nobuyoshi Nakada <nobu@ruby-lang.org>
Date: Wed, 20 Jul 2022 17:39:54 +0900
Subject: [PATCH] Fix free objects count condition

Free objects have `T_NONE` as the builtin type.  A pointer to a valid
array element will never be `NULL`.
---
 gc.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/gc.c b/gc.c
index e92a576c29..6fbcd74eb1 100644
--- a/gc.c
+++ b/gc.c
@@ -7866,9 +7866,10 @@ gc_verify_heap_page(rb_objspace_t *objspace, struct heap_page *page, VALUE obj)
     for (uintptr_t ptr = start; ptr < end; ptr += slot_size) {
         VALUE val = (VALUE)ptr;
         void *poisoned = asan_unpoison_object_temporary(val);
+        enum ruby_value_type type = BUILTIN_TYPE(val);
 
-	if (RBASIC(val) == 0) free_objects++;
-	if (BUILTIN_TYPE(val) == T_ZOMBIE) zombie_objects++;
+	if (type == T_NONE) free_objects++;
+	if (type == T_ZOMBIE) zombie_objects++;
 	if (RVALUE_PAGE_UNCOLLECTIBLE(page, val) && RVALUE_PAGE_WB_UNPROTECTED(page, val)) {
 	    has_remembered_shady = TRUE;
 	}