1berry/ruby
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix use-after-move in Symbol#inspect

Browse Source 
The allocation could re-embed `orig_str` and invalidate the data
pointer from RSTRING_GETMEM() if the string is embedded.

Found on CI, where the test introduced in 7002e776944 ("Fix
Symbol#inspect for GC compaction") recently failed.

See: <https://github.com/ruby/ruby/actions/runs/7880657560/job/21503019659>
This commit is contained in:
Alan Wu 2024-02-13 12:51:36 -05:00
parent 5add999dee
commit 6261d4b4d8
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
string.c
View File

@ -11740,11 +11740,13 @@ sym_inspect(VALUE sym)
} }
else { else {
rb_encoding *enc = STR_ENC_GET(str); rb_encoding *enc = STR_ENC_GET(str);
VALUE orig_str = str; VALUE orig_str = str;
RSTRING_GETMEM(orig_str, ptr, len);
len = RSTRING_LEN(orig_str);
str = rb_enc_str_new(0, len + 1, enc); str = rb_enc_str_new(0, len + 1, enc);
// Get data pointer after allocation
ptr = RSTRING_PTR(orig_str);
dest = RSTRING_PTR(str); dest = RSTRING_PTR(str);
memcpy(dest + 1, ptr, len); memcpy(dest + 1, ptr, len);