diff options
author | Aaron Patterson <tenderlove@ruby-lang.org> | 2021-01-13 13:35:11 -0800 |
---|---|---|
committer | Aaron Patterson <aaron.patterson@gmail.com> | 2021-01-13 16:13:53 -0800 |
commit | efcdf68e6443ab70fbff1703b9dabbfc5090df31 (patch) | |
tree | 8b3d144299781c76554a425cb463162c124b8134 /compile.c | |
parent | f4ce78d5c139a8825ee2d09f39aef03ef762dfc6 (diff) |
Guard callinfo
Callinfo was being written in to an array and the GC would not see the
reference on the stack. `new_insn_send` creates a new callinfo object,
then it calls `new_insn_core`. `new_insn_core` allocates a new INSN
linked list item, which can end up calling `xmalloc` which will trigger
a GC:
https://github.com/ruby/ruby/blob/70cd351c7c71c48ee18d7c01e851a89614086f8f/compile.c#L968-L969
Since the callinfo object isn't on the stack, the GC won't see it, and
it can get collected. This patch just refactors `new_insn_send` to keep
the object on the stack
Co-authored-by: John Hawthorn <john@hawthorn.email>
Notes
Notes:
Merged: https://github.com/ruby/ruby/pull/4066
Diffstat (limited to 'compile.c')
-rw-r--r-- | compile.c | 7 |
1 files changed, 5 insertions, 2 deletions
@@ -1302,12 +1302,15 @@ static INSN * new_insn_send(rb_iseq_t *iseq, int line_no, ID id, VALUE argc, const rb_iseq_t *blockiseq, VALUE flag, struct rb_callinfo_kwarg *keywords) { VALUE *operands = compile_data_calloc2(iseq, sizeof(VALUE), 2); - operands[0] = (VALUE)new_callinfo(iseq, id, FIX2INT(argc), FIX2INT(flag), keywords, blockiseq != NULL); + VALUE ci = (VALUE)new_callinfo(iseq, id, FIX2INT(argc), FIX2INT(flag), keywords, blockiseq != NULL); + operands[0] = ci; operands[1] = (VALUE)blockiseq; if (blockiseq) { RB_OBJ_WRITTEN(iseq, Qundef, blockiseq); } - return new_insn_core(iseq, line_no, BIN(send), 2, operands); + INSN *insn = new_insn_core(iseq, line_no, BIN(send), 2, operands); + RB_GC_GUARD(ci); + return insn; } static rb_iseq_t * |