From 49cf0896a2934547c0764aadaec021fb37a2e96f Mon Sep 17 00:00:00 2001
From: "NARUSE, Yui" <naruse@airemix.jp>
Date: Tue, 17 Jan 2023 11:20:40 +0900
Subject: merge revision(s) 90a80eb076429978e720e11fb17a3cbb96de3454: [Backport
 #19284]

	Fix integer underflow when using HEAP_INIT_SLOTS

	There is an integer underflow when the environment variable
	RUBY_GC_HEAP_INIT_SLOTS is less than the number of slots currently
	in the Ruby heap.

	[Bug #19284]
	---
	 gc.c                 | 25 +++++++++++++------------
	 test/ruby/test_gc.rb |  5 +++++
	 2 files changed, 18 insertions(+), 12 deletions(-)
---
 gc.c                 | 25 +++++++++++++------------
 test/ruby/test_gc.rb |  5 +++++
 version.h            |  2 +-
 3 files changed, 19 insertions(+), 13 deletions(-)

diff --git a/gc.c b/gc.c
index 0fccc17a32..9866ed579d 100644
--- a/gc.c
+++ b/gc.c
@@ -11719,24 +11719,25 @@ get_envparam_double(const char *name, double *default_value, double lower_bound,
 }
 
 static void
-gc_set_initial_pages(void)
+gc_set_initial_pages(rb_objspace_t *objspace)
 {
-    size_t min_pages;
-    rb_objspace_t *objspace = &rb_objspace;
-
     gc_rest(objspace);
 
-    min_pages = gc_params.heap_init_slots / HEAP_PAGE_OBJ_LIMIT;
-
-    size_t pages_per_class = (min_pages - heap_eden_total_pages(objspace)) / SIZE_POOL_COUNT;
-
     for (int i = 0; i < SIZE_POOL_COUNT; i++) {
         rb_size_pool_t *size_pool = &size_pools[i];
 
-        heap_add_pages(objspace, size_pool, SIZE_POOL_EDEN_HEAP(size_pool), pages_per_class);
+        if (gc_params.heap_init_slots > size_pool->eden_heap.total_slots) {
+            size_t slots = gc_params.heap_init_slots - size_pool->eden_heap.total_slots;
+            int multiple = size_pool->slot_size / BASE_SLOT_SIZE;
+            size_pool->allocatable_pages = slots * multiple / HEAP_PAGE_OBJ_LIMIT;
+        }
+        else {
+            /* We already have more slots than heap_init_slots allows, so
+             * prevent creating more pages. */
+            size_pool->allocatable_pages = 0;
+        }
     }
-
-    heap_add_pages(objspace, &size_pools[0], SIZE_POOL_EDEN_HEAP(&size_pools[0]), min_pages - heap_eden_total_pages(objspace));
+    heap_pages_expand_sorted(objspace);
 }
 
 /*
@@ -11792,7 +11793,7 @@ ruby_gc_set_params(void)
 
     /* RUBY_GC_HEAP_INIT_SLOTS */
     if (get_envparam_size("RUBY_GC_HEAP_INIT_SLOTS", &gc_params.heap_init_slots, 0)) {
-        gc_set_initial_pages();
+        gc_set_initial_pages(objspace);
     }
 
     get_envparam_double("RUBY_GC_HEAP_GROWTH_FACTOR", &gc_params.growth_factor, 1.0, 0.0, FALSE);
diff --git a/test/ruby/test_gc.rb b/test/ruby/test_gc.rb
index 937f303604..5df3bba5f9 100644
--- a/test/ruby/test_gc.rb
+++ b/test/ruby/test_gc.rb
@@ -304,6 +304,11 @@ class TestGc < Test::Unit::TestCase
   end
 
   def test_gc_parameter
+    env = {
+      "RUBY_GC_HEAP_INIT_SLOTS" => "100"
+    }
+    assert_in_out_err([env, "-e", "exit"], "", [], [], "[Bug #19284]")
+
     env = {
       "RUBY_GC_MALLOC_LIMIT" => "60000000",
       "RUBY_GC_HEAP_INIT_SLOTS" => "100000"
diff --git a/version.h b/version.h
index 7b701b14f8..4dbb3d8b75 100644
--- a/version.h
+++ b/version.h
@@ -11,7 +11,7 @@
 # define RUBY_VERSION_MINOR RUBY_API_VERSION_MINOR
 #define RUBY_VERSION_TEENY 0
 #define RUBY_RELEASE_DATE RUBY_RELEASE_YEAR_STR"-"RUBY_RELEASE_MONTH_STR"-"RUBY_RELEASE_DAY_STR
-#define RUBY_PATCHLEVEL 2
+#define RUBY_PATCHLEVEL 3
 
 #include "ruby/version.h"
 #include "ruby/internal/abi.h"
-- 
cgit v1.2.3