From 664eeda66e1f64d09e0d321e681f2c21916f9c13 Mon Sep 17 00:00:00 2001
From: Aaron Patterson
Date: Mon, 28 Sep 2020 08:37:09 -0700
Subject: [PATCH] Fix ASAN errors when updating call cache

Invalidating call cache walks the heap, so we need to take care to un-poison objects when examining them
---
 gc.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/gc.c b/gc.c
index fcb9c6454e..075019a315 100644
--- a/gc.c
+++ b/gc.c
@@ -2544,6 +2544,8 @@ vm_ccs_free(struct rb_class_cc_entries *ccs, int alive, rb_objspace_t *objspace,
 for (int i=0; ilen; i++) {
 const struct rb_callcache *cc = ccs->entries[i].cc;
 if (!alive) {
+ void *ptr = asan_poisoned_object_p((VALUE)cc);
+ asan_unpoison_object((VALUE)cc, false);
 // ccs can be free'ed.
 if (is_pointer_to_heap(objspace, (void *)cc) &&
 IMEMO_TYPE_P(cc, imemo_callcache) &&
@@ -2551,8 +2553,14 @@ vm_ccs_free(struct rb_class_cc_entries *ccs, int alive, rb_objspace_t *objspace,
 // OK. maybe target cc.
 }
 else {
+ if (ptr) {
+ asan_poison_object((VALUE)cc);
+ }
 continue;
 }
+ if (ptr) {
+ asan_poison_object((VALUE)cc);
+ }
 }
 vm_cc_invalidate(cc);
 }
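Review bot: The added `asan_unpoison_object((VALUE)cc, false)` runs before `is_pointer_to_heap(objspace, (void *)cc)` has confirmed that `cc` is a heap slot, so both ASAN helpers are applied to whatever address `ccs->entries[i].cc` currently holds; whether that is safe depends on those helpers, which are outside the hunk, and if they assume a slot-sized object the unpoison should move after the heap check. The name `ptr` also suggests a usable pointer, but the value is only a poison-state query used to decide whether to re-poison later, so something like `void *was_poisoned = asan_poisoned_object_p((VALUE)cc);` with the comment `// remember the poison state so the slot is restored after inspection` would make its role clear at the declaration. The enclosing loop and vm_ccs_free's body start outside the hunk.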
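Review bot: The trailing `if (ptr) { asan_poison_object((VALUE)cc); }` block sits immediately before `vm_cc_invalidate(cc)`, which presumably modifies the cache entry; if `ptr` can ever be non-NULL for an entry that passed the `is_pointer_to_heap`/`IMEMO_TYPE_P` checks, that call would then touch memory this code has just re-poisoned and ASAN would report it. I assume a poisoned (freed) slot can never satisfy the imemo check and so always takes the `else` branch, but that invariant is what makes the fall-through re-poison correct and it deserves a comment, e.g. `// a poisoned slot cannot pass the imemo check above, so ptr is NULL when we reach vm_cc_invalidate`. The same re-poison appears twice (in the `else` branch and after it); a single re-poison placed before the `if (is_pointer_to_heap(...))` decision is made, with the decision stored in a local, would avoid the duplication. The `if (!alive)` block and the enclosing loop begin outside the hunk.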