From 3e04f7b69fb56eac88b56f491b6a298fcc28b7f9 Mon Sep 17 00:00:00 2001 From: Alan Wu Date: Sun, 16 Mar 2025 16:00:08 -0400 Subject: [PATCH] Only mark `cc->cme_` on valid imemo_callcache We observed T_NONE on `cc->cme_` on a --repeat-count=50 run a compaction test on CI: http://ci.rvm.jp/results/trunk-repeat50@ruby-sp2-noble-docker/5654900 During reference updating for imemo_callcache in rb_imemo_mark_and_move(), if `cc->klass` is not live, but `cc->_cme` is live and moved, we go to the vm_cc_invalidate() path which leaves `cc->_cme` not updated and stale. In the next marking run after compaction, CME would've become a T_NONE. So to quote the comment above "... cc is invalidated by `vm_cc_invalidate()` and cc->cme is not be accessed." --- imemo.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/imemo.c b/imemo.c index f573967817..a0ed567719 100644 --- a/imemo.c +++ b/imemo.c @@ -309,7 +309,7 @@ rb_imemo_mark_and_move(VALUE obj, bool reference_updating) } } else { - if (vm_cc_super_p(cc) || vm_cc_refinement_p(cc)) { + if (cc->klass && (vm_cc_super_p(cc) || vm_cc_refinement_p(cc))) { rb_gc_mark_movable((VALUE)cc->cme_); rb_gc_mark_movable((VALUE)cc->klass); }
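Review bot: the new guard `cc->klass && (vm_cc_super_p(cc) || vm_cc_refinement_p(cc))` makes the marking of `cc->cme_` depend on an invariant that is not stated at the call site, namely that an invalidated callcache has `cc->klass` zeroed while `cc->cme_` may still hold a stale pointer; a one-line comment above the condition (for example: "klass is cleared by vm_cc_invalidate(); a cleared cc must not mark its stale cme_") would keep this from being silently undone if invalidation ever changes how it clears the cache. Two smaller points: the commit message refers to the field as both `cc->cme_` and `cc->_cme`, and only the former matches the code in the hunk; and since the change touches only imemo.c, consider noting whether the compaction test referenced by the CI link is expected to cover this path under --repeat-count, or whether a dedicated regression test is warranted.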