Fix use-after-free on -DUSE_EMBED_CI=0

On -DUSE_EMBED_CI=0, there are more GC allocations and the old code didn't keep old_operands[0] reachable while allocating. On a Debian based system, I get a crash requiring erb under GC stress mode. On macOS, tool/transcode-tblgen.rb runs incorrectly if I put GC.stress=true as the first line.
author: Alan Wu <XrXr@users.noreply.github.com> 2021-07-29 12:04:36 -0400
committer: GitHub <noreply@github.com> 2021-07-29 12:04:36 -0400
commit: cbecf9c7ba71ef0e844c72c97f85ce4fffb46aa6 (patch)
tree: f2c7c07931ac774ff09eafb870cfaccbbfe9dd9f /compile.c
parent: 12d4da7478136f12f463cc8029d73cd22ec0a021 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/compile.c b/compile.c
index 38a96f165e..6695a0293b 100644
--- a/compile.c
+++ b/compile.c
@@ -3443,11 +3443,11 @@ insn_set_specialized_instruction(rb_iseq_t *iseq, INSN *iobj, int insn_id)
     iobj->operand_size = insn_len(insn_id) - 1;
 
     if (insn_id == BIN(opt_neq)) {
-	VALUE *old_operands = iobj->operands;
+        VALUE original_ci = iobj->operands[0];
         iobj->operand_size = 2;
         iobj->operands = compile_data_calloc2(iseq, iobj->operand_size, sizeof(VALUE));
         iobj->operands[0] = (VALUE)new_callinfo(iseq, idEq, 1, 0, NULL, FALSE);
-        iobj->operands[1] = old_operands[0];
+        iobj->operands[1] = original_ci;
     }
 
     return COMPILE_OK;
author	Alan Wu <XrXr@users.noreply.github.com>	2021-07-29 12:04:36 -0400
committer	GitHub <noreply@github.com>	2021-07-29 12:04:36 -0400
commit	cbecf9c7ba71ef0e844c72c97f85ce4fffb46aa6 (patch)
tree	f2c7c07931ac774ff09eafb870cfaccbbfe9dd9f /compile.c
parent	12d4da7478136f12f463cc8029d73cd22ec0a021 (diff)