summaryrefslogtreecommitdiff
path: root/include/ruby
diff options
context:
space:
mode:
authorNobuyoshi Nakada <nobu@ruby-lang.org>2021-01-02 12:11:52 +0900
committerNobuyoshi Nakada <nobu@ruby-lang.org>2021-01-02 12:11:52 +0900
commitf690eb34e28b000627e5f0649dd81a04e252286f (patch)
tree57c561c7616390965de0fa5d7243046daef80652 /include/ruby
parent4b6fd8329b46701414aba2eeca10013cf66ec513 (diff)
Fixed dangling imemo_tmpbuf
The count of rb_alloc_tmp_buffer_with_count is the allocation size counted in VALUE size but not in the requested element size. Co-authored-by: Yusuke Endoh <mame@ruby-lang.org> Co-authored-by: Koichi Sasada <ko1@atdot.net>
Diffstat (limited to 'include/ruby')
-rw-r--r--include/ruby/internal/memory.h5
1 files changed, 3 insertions, 2 deletions
diff --git a/include/ruby/internal/memory.h b/include/ruby/internal/memory.h
index 974c21e19c..7d24df4945 100644
--- a/include/ruby/internal/memory.h
+++ b/include/ruby/internal/memory.h
@@ -250,8 +250,9 @@ rbimpl_size_mul_or_raise(size_t x, size_t y)
static inline void *
rb_alloc_tmp_buffer2(volatile VALUE *store, long count, size_t elsize)
{
- return rb_alloc_tmp_buffer_with_count(
- store, rbimpl_size_mul_or_raise(count, elsize), count);
+ const size_t total_size = rbimpl_size_mul_or_raise(count, elsize);
+ const size_t cnt = (total_size + sizeof(VALUE) - 1) / sizeof(VALUE);
+ return rb_alloc_tmp_buffer_with_count(store, total_size, cnt);
}
#ifndef __MINGW32__