Ensure ruby_xfree won't segfault if called after vm_destruct

[Bug #19580] The real-world scenario motivating this change is libxml2's pthread code which uses `pthread_key_create` to set up a destructor that is called at thread exit to free thread-local storage. There is a small window of time -- after ruby_vm_destruct but before the process exits -- in which a pthread may exit and the destructor is called, leading to a segfault. Please note that this window of time may be relatively large if `atexit` is being used.
Merged: https://github.com/ruby/ruby/pull/7663
2023-04-04 23:55:43 -04:00 · 2023-04-04 23:55:43 -04:00 · 52e571fa72 · 2023-04-05 16:57:52 +00:00
commit 52e571fa72
parent 533423ebe4
1 changed files with 10 additions and 2 deletions
--- a/gc.c
+++ b/gc.c
@ -12581,8 +12581,16 @@ ruby_xrealloc2_body(void *ptr, size_t n, size_t size)
 void
 ruby_sized_xfree(void *x, size_t size)
 {
-    if (x) {
-        objspace_xfree(&rb_objspace, x, size);
+    if (LIKELY(x)) {
+        /* It's possible for a C extension's pthread destructor function set by pthread_key_create
+         * to be called after ruby_vm_destruct and attempt to free memory. Fall back to mimfree in
+         * that case. */
+        if (LIKELY(GET_VM())) {
+            objspace_xfree(&rb_objspace, x, size);
+        }
+        else {
+            ruby_mimfree(x);
+        }
    }
 }