kotovalexarian-likes-github/ruby--ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00
Code Releases Activity

Fix use-after-free on -DUSE_EMBED_CI=0

Browse source 
On -DUSE_EMBED_CI=0, there are more GC allocations and the old code
didn't keep old_operands[0] reachable while allocating. On a Debian
based system, I get a crash requiring erb under GC stress mode. On
macOS, tool/transcode-tblgen.rb runs incorrectly if I put GC.stress=true
as the first line.
This commit is contained in:
Alan Wu 2021-07-29 12:04:36 -04:00 committed by GitHub
parent 12d4da7478
commit cbecf9c7ba
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
Notes: git 2021-07-30 01:04:57 +09:00 
Merged: https://github.com/ruby/ruby/pull/4662

Merged-By: XrXr
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
compile.c
View file

@ -3443,11 +3443,11 @@ insn_set_specialized_instruction(rb_iseq_t *iseq, INSN *iobj, int insn_id)
iobj->operand_size = insn_len(insn_id) - 1; iobj->operand_size = insn_len(insn_id) - 1;
if (insn_id == BIN(opt_neq)) { if (insn_id == BIN(opt_neq)) {
VALUE *old_operands = iobj->operands; VALUE original_ci = iobj->operands[0];
iobj->operand_size = 2; iobj->operand_size = 2;
iobj->operands = compile_data_calloc2(iseq, iobj->operand_size, sizeof(VALUE)); iobj->operands = compile_data_calloc2(iseq, iobj->operand_size, sizeof(VALUE));
iobj->operands[0] = (VALUE)new_callinfo(iseq, idEq, 1, 0, NULL, FALSE); iobj->operands[0] = (VALUE)new_callinfo(iseq, idEq, 1, 0, NULL, FALSE);
iobj->operands[1] = old_operands[0]; iobj->operands[1] = original_ci;
} }
return COMPILE_OK; return COMPILE_OK;