gc.c: Verify provided size in `rb_gc_impl_free`

For now the provided size is just for GC statistics, but in the future
we may want to forward it to C23's `free_sized` and passing an incorrect
size to it is undefined behavior.

1 files changed, 7 insertions, 7 deletions

diff --git a/imemo.c b/imemo.c
index d949466a77..0f7c260eb9 100644
--- a/imemo.c
+++ b/imemo.c
@@ -57,7 +57,7 @@ rb_imemo_tmpbuf_new(void)
     rb_gc_register_pinning_obj((VALUE)obj);
 
     obj->ptr = NULL;
-    obj->cnt = 0;
+    obj->size = 0;
 
     return (VALUE)obj;
 }
@@ -71,7 +71,7 @@ rb_alloc_tmp_buffer_with_count(volatile VALUE *store, size_t size, size_t cnt)
     *store = (VALUE)tmpbuf;
     void *ptr = ruby_xmalloc(size);
     tmpbuf->ptr = ptr;
-    tmpbuf->cnt = cnt;
+    tmpbuf->size = size;
 
     return ptr;
 }
@@ -94,9 +94,9 @@ rb_free_tmp_buffer(volatile VALUE *store)
     rb_imemo_tmpbuf_t *s = (rb_imemo_tmpbuf_t*)ATOMIC_VALUE_EXCHANGE(*store, 0);
     if (s) {
         void *ptr = ATOMIC_PTR_EXCHANGE(s->ptr, 0);
-        long cnt = s->cnt;
-        s->cnt = 0;
-        ruby_sized_xfree(ptr, sizeof(VALUE) * cnt);
+        long size = s->size;
+        s->size = 0;
+        ruby_sized_xfree(ptr, size);
     }
 }
 
@@ -261,7 +261,7 @@ rb_imemo_memsize(VALUE obj)
       case imemo_throw_data:
         break;
       case imemo_tmpbuf:
-        size += ((rb_imemo_tmpbuf_t *)obj)->cnt * sizeof(VALUE);
+        size += ((rb_imemo_tmpbuf_t *)obj)->size;
 
         break;
       case imemo_fields:
@@ -506,7 +506,7 @@ rb_imemo_mark_and_move(VALUE obj, bool reference_updating)
         const rb_imemo_tmpbuf_t *m = (const rb_imemo_tmpbuf_t *)obj;
 
         if (!reference_updating) {
-            rb_gc_mark_locations(m->ptr, m->ptr + m->cnt);
+            rb_gc_mark_locations(m->ptr, m->ptr + (m->size / sizeof(VALUE)));
         }
 
         break;