| author | Peter Zhu <peter@peterzhu.ca> | 2025-12-20 08:40:59 -0500 |
|---|---|---|
| committer | Peter Zhu <peter@peterzhu.ca> | 2025-12-20 11:27:34 -0500 |
| commit | fe9a7448b131a48ee37df720fbbfae3142d274ca (patch) | |
| tree | 072c3fd66d29a1832b59f6a08fe9f5442123eedc | |
| parent | 5cdda61d00a61a7da701efa3ef332267d3724424 (diff) | |
Check slot_size before zeroing memory for GC hook
If slot_size < RVALUE_SIZE, the length passed to memset (`slot_size - RVALUE_SIZE`) underflows, so memset would write far past the object.
| -rw-r--r-- | gc.c | 5 |
1 files changed, 4 insertions, 1 deletions
@@ -1001,7 +1001,10 @@ newobj_of(rb_ractor_t *cr, VALUE klass, VALUE flags, shape_id_t shape_id, bool w
 if (UNLIKELY(rb_gc_event_hook_required_p(RUBY_INTERNAL_EVENT_NEWOBJ))) {
 int lev = RB_GC_VM_LOCK_NO_BARRIER();
 {
- memset((char *)obj + RVALUE_SIZE, 0, rb_gc_obj_slot_size(obj) - RVALUE_SIZE);
+ size_t slot_size = rb_gc_obj_slot_size(obj);
+ if (slot_size > RVALUE_SIZE) {
+ memset((char *)obj + RVALUE_SIZE, 0, slot_size - RVALUE_SIZE);
+ }
 /* We must disable GC here because the callback could call xmalloc
 * which could potentially trigger a GC, and a lot of code is unsafe |
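Review bot: The new `if (slot_size > RVALUE_SIZE)` guard carries no explanation of when a slot can be smaller than RVALUE_SIZE or why the tail of the slot is zeroed at all, so the next reader will take it for a speculative check and may "simplify" it back into the underflowing form. A short comment above the `size_t slot_size` line would pin both facts: `/* Clear the part of the slot past the RVALUE header so the NEWOBJ hook never sees stale data from the slot's previous occupant. slot_size can be below RVALUE_SIZE (presumably with a non-default GC implementation — confirm), in which case there is nothing extra to clear; computing slot_size - RVALUE_SIZE unguarded underflows and memset would overrun the object. */`. If a sub-RVALUE slot is in fact impossible with the built-in GC, a debug-only assertion that `slot_size >= RVALUE_SIZE` next to the guard would catch a corrupted slot size instead of silently skipping the zeroing. newobj_of starts before this hunk and its body continues past it.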
