* string.c (rb_fstring, fstr_update_callback): simply delete garbage

key first. Garbage keys can be swept by lazy sweeping invoked by creating new fstring. So that simply do: (1) delete garbage key and return `fstr_update_callback' immediately (2) try again `fstr_update_callback()' to create a new fstr. This bug can be cause memory corruption, reported by http://u64.rubyci.org/~chkbuild/ruby-trunk/log/20140821T220302Z.fail.html.gz git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@47252 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
author: ko1 <ko1@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2014-08-22 11:16:56 +0000
committer: ko1 <ko1@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2014-08-22 11:16:56 +0000
commit: 32dcb81d5851035de6b47ccfd760ee5b78f58d93 (patch)
tree: 1f44b9ba68b65144fd838f6f4840d0cd9b5def19
parent: 51c3acb6f4f84730473f8a2f1a430b4d44c44660 (diff)
2 files changed, 23 insertions, 5 deletions
diff --git a/ChangeLog b/ChangeLog
index 4495b2fdf6..b904d8c1b3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,16 @@
+Fri Aug 22 20:07:43 2014  Koichi Sasada  <ko1@atdot.net>
+
+	* string.c (rb_fstring, fstr_update_callback): simply delete garbage
+	  key first.
+
+	  Garbage keys can be swept by lazy sweeping invoked by creating new
+	  fstring.  So that simply do:
+	  (1) delete garbage key and return `fstr_update_callback' immediately
+	  (2) try again `fstr_update_callback()' to create a new fstr.
+
+	  This bug can be cause memory corruption, reported by
+	  http://u64.rubyci.org/~chkbuild/ruby-trunk/log/20140821T220302Z.fail.html.gz
+
 Fri Aug 22 19:30:39 2014  SHIBATA Hiroshi  <shibata.hiroshi@gmail.com>
 
 	* test/ruby/test_complex.rb: removed commented-out code.
diff --git a/string.c b/string.c
index 25305a4a4d..1fcd3ccc85 100644
--- a/string.c
+++ b/string.c
@@ -194,8 +194,8 @@ fstr_update_callback(st_data_t *key, st_data_t *value, st_data_t arg, int existi
 	 * at next time */
 
 	if (rb_objspace_garbage_object_p(str)) {
-	    str = *fstr;
-	    goto create_new_fstr;
+	    *fstr = Qundef;
+	    return ST_DELETE;
 	}
 
 	*fstr = str;
@@ -203,7 +203,6 @@ fstr_update_callback(st_data_t *key, st_data_t *value, st_data_t arg, int existi
     }
     else {
 	if (STR_SHARED_P(str)) { /* str should not be shared */
-	  create_new_fstr:
 	    str = rb_enc_str_new(RSTRING_PTR(str), RSTRING_LEN(str), STR_ENC_GET(str));
 	    OBJ_FREEZE(str);
 	}
@@ -220,6 +219,8 @@ fstr_update_callback(st_data_t *key, st_data_t *value, st_data_t arg, int existi
 VALUE
 rb_fstring(VALUE str)
 {
+    VALUE ret;
+
     Check_Type(str, T_STRING);
 
     if (!frozen_strings)
@@ -228,8 +229,12 @@ rb_fstring(VALUE str)
     if (FL_TEST(str, RSTRING_FSTR))
 	return str;
 
-    st_update(frozen_strings, (st_data_t)str, fstr_update_callback, (st_data_t)&str);
-    return str;
+    do {
+	ret = str;
+	st_update(frozen_strings, (st_data_t)str, fstr_update_callback, (st_data_t)&ret);
+    } while (ret != Qundef);
+
+    return ret;
 }
 
 static VALUE
author	ko1 <ko1@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2014-08-22 11:16:56 +0000
committer	ko1 <ko1@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2014-08-22 11:16:56 +0000
commit	32dcb81d5851035de6b47ccfd760ee5b78f58d93 (patch)
tree	1f44b9ba68b65144fd838f6f4840d0cd9b5def19
parent	51c3acb6f4f84730473f8a2f1a430b4d44c44660 (diff)