diff options
author | Peter Zhu <peter@peterzhu.ca> | 2023-09-19 20:48:41 -0400 |
---|---|---|
committer | Peter Zhu <peter@peterzhu.ca> | 2023-09-20 10:19:24 -0400 |
commit | 96c5a4be7b0d72502001734770af0f4a735c544c (patch) | |
tree | 77ced0cc55236787ecf8fee4916936da55e54944 /vm_method.c | |
parent | 3c11cdbcfe5ebcf430b0cdfefb0b92724eebe543 (diff) |
Fix memory leak in complemented method entries
[Bug #19894]
When a copy of a complemented method entry is created, there are two
issues:
1. IMEMO_FL_USER3 is not copied, so the complemented status is not
copied over.
2. In rb_method_entry_clone we increment both alias_count and
complemented_count. However, when we free the method entry in
rb_method_definition_release, we only decrement one of the two
counters, resulting in the rb_method_definition_t being leaked.
Co-authored-by: Adam Hess <adamhess1991@gmail.com>
Diffstat (limited to 'vm_method.c')
-rw-r--r-- | vm_method.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/vm_method.c b/vm_method.c index cd5543f042..cf4cfd2e56 100644 --- a/vm_method.c +++ b/vm_method.c @@ -693,11 +693,13 @@ rb_method_entry_create(ID called_id, VALUE klass, rb_method_visibility_t visi, c const rb_method_entry_t * rb_method_entry_clone(const rb_method_entry_t *src_me) { - rb_method_entry_t *me = rb_method_entry_alloc(src_me->called_id, src_me->owner, src_me->defined_class, - method_definition_addref(src_me->def)); + rb_method_entry_t *me = rb_method_entry_alloc(src_me->called_id, src_me->owner, src_me->defined_class, src_me->def); if (METHOD_ENTRY_COMPLEMENTED(src_me)) { method_definition_addref_complement(src_me->def); } + else { + method_definition_addref(src_me->def); + } METHOD_ENTRY_FLAGS_COPY(me, src_me); return me; @@ -724,7 +726,7 @@ rb_method_entry_complement_defined_class(const rb_method_entry_t *src_me, ID cal def = NULL; } else { - def = method_definition_addref_complement(def); + method_definition_addref_complement(def); } me = rb_method_entry_alloc(called_id, src_me->owner, defined_class, def); METHOD_ENTRY_FLAGS_COPY(me, src_me); |