From 153fa85994f3f06c93e2b10726c98b6f3b824225 Mon Sep 17 00:00:00 2001
From: John Hawthorn
Date: Mon, 9 Feb 2026 18:39:51 -0800
Subject: objspace_dump: Skip invalid CME when dumping CCs When a CC is invalidated only the klass field is set to 0. After it's invalidated it isn't safe to access the CME, as it may have been freed. I made a similar change in Ruby 4.0 in 640a2f1dc77c0ecf226dbd71cf7a1eb876a1f037, but assumed it was due to the changes we'd made to callcaches making klass a weak-reference.
Co-authored-by: Christian Bruckmayer
---
 ext/objspace/objspace_dump.c | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/ext/objspace/objspace_dump.c b/ext/objspace/objspace_dump.c
index 96bd521c79..b77e057498 100644
--- a/ext/objspace/objspace_dump.c
+++ b/ext/objspace/objspace_dump.c
@@ -449,19 +449,19 @@ dump_object(VALUE obj, struct dump_config *dc)
 }
 break;
- case imemo_callcache:
- mid = vm_cc_cme((const struct rb_callcache *)obj)->called_id;
- if (mid != 0) {
- dump_append(dc, ", \"called_id\":");
- dump_append_id(dc, mid);
-
- VALUE klass = ((const struct rb_callcache *)obj)->klass;
- if (klass != 0) {
- dump_append(dc, ", \"receiver_class\":");
- dump_append_ref(dc, klass);
+ case imemo_callcache: {
+ VALUE klass = ((const struct rb_callcache *)obj)->klass;
+ if (klass) {
+ mid = vm_cc_cme((const struct rb_callcache *)obj)->called_id;
+ if (mid != 0) {
+ dump_append(dc, ", \"called_id\":");
+ dump_append_id(dc, mid);
 }
+ dump_append(dc, ", \"receiver_class\":");
+ dump_append_ref(dc, klass);
 }
 break;
+ }
 default:
 break;
--
cgit v1.2.3
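Review bot: The reason `klass` must be tested before `vm_cc_cme()` is called is recorded only in the commit message; nothing in the new `case imemo_callcache:` block tells a later editor that a zero `klass` marks an invalidated cache whose CME may already have been freed. I would add a comment above `if (klass) {`, for example `/* klass == 0: CC was invalidated and its CME may be freed; do not call vm_cc_cme() */`, so a future refactor does not move the dereference back in front of the check. Also, `receiver_class` is now written whenever `klass` is set, even when `called_id` is 0, whereas the old code emitted it only inside the `mid != 0` branch. If that is intended, it deserves a sentence in the commit message, since consumers of the dump may see a key combination they did not see before. `dump_object` starts and ends outside this hunk.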