* string.c (rb_fstring, fstr_update_callback): simply delete garbage

key first. Garbage keys can be swept by lazy sweeping invoked by creating new fstring. So that simply do: (1) delete garbage key and return `fstr_update_callback' immediately (2) try again `fstr_update_callback()' to create a new fstr. This bug can be cause memory corruption, reported by http://u64.rubyci.org/~chkbuild/ruby-trunk/log/20140821T220302Z.fail.html.gz git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@47252 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2014-08-22 11:16:56 +00:00 · 2014-08-22 11:16:56 +00:00 · 32dcb81d58
commit 32dcb81d58
parent 51c3acb6f4
2 changed files with 23 additions and 5 deletions
--- a/13
+++ b/13
@ -1,3 +1,16 @@
+Fri Aug 22 20:07:43 2014  Koichi Sasada  <ko1@atdot.net>
+
+	* string.c (rb_fstring, fstr_update_callback): simply delete garbage
+	  key first.
+
+	  Garbage keys can be swept by lazy sweeping invoked by creating new
+	  fstring.  So that simply do:
+	  (1) delete garbage key and return `fstr_update_callback' immediately
+	  (2) try again `fstr_update_callback()' to create a new fstr.
+
+	  This bug can be cause memory corruption, reported by
+	  http://u64.rubyci.org/~chkbuild/ruby-trunk/log/20140821T220302Z.fail.html.gz
+
 Fri Aug 22 19:30:39 2014  SHIBATA Hiroshi  <shibata.hiroshi@gmail.com>

 	* test/ruby/test_complex.rb: removed commented-out code.
--- a/string.c
+++ b/string.c
@ -194,8 +194,8 @@ fstr_update_callback(st_data_t *key, st_data_t *value, st_data_t arg, int existi
 	 * at next time */

 	if (rb_objspace_garbage_object_p(str)) {
-	    str = *fstr;
-	    goto create_new_fstr;
+	    *fstr = Qundef;
+	    return ST_DELETE;
 	}

 	*fstr = str;
@ -203,7 +203,6 @@ fstr_update_callback(st_data_t *key, st_data_t *value, st_data_t arg, int existi
    }
    else {
 	if (STR_SHARED_P(str)) { /* str should not be shared */
-	  create_new_fstr:
 	    str = rb_enc_str_new(RSTRING_PTR(str), RSTRING_LEN(str), STR_ENC_GET(str));
 	    OBJ_FREEZE(str);
 	}
@ -220,6 +219,8 @@ fstr_update_callback(st_data_t *key, st_data_t *value, st_data_t arg, int existi
 VALUE
 rb_fstring(VALUE str)
 {
+    VALUE ret;
+
    Check_Type(str, T_STRING);

    if (!frozen_strings)
@ -228,8 +229,12 @@ rb_fstring(VALUE str)
    if (FL_TEST(str, RSTRING_FSTR))
 	return str;

-    st_update(frozen_strings, (st_data_t)str, fstr_update_callback, (st_data_t)&str);
-    return str;
+    do {
+	ret = str;
+	st_update(frozen_strings, (st_data_t)str, fstr_update_callback, (st_data_t)&ret);
+    } while (ret != Qundef);
+
+    return ret;
 }

 static VALUE