From b8c4af24f920a973cfa1f7b671825e8a5421368c Mon Sep 17 00:00:00 2001
From: Peter Zhu
Date: Tue, 24 Dec 2024 15:30:48 -0500
Subject: [PATCH] Use rb_darray_insert_without_gc for heap_pages darray
rb_darray_insert could trigger a GC, which would cause problems if it freed pages while a new page was being inserted. For example, the following script fails:
GC.stress = true
GC.auto_compact = :empty
10.times do
GC.verify_compaction_references(expand_heap: true, toward: :empty)
end
It errors out with:
'GC.verify_compaction_references': malloc: possible integer overflow (8*18446744073709551603) (ArgumentError)
---
 darray.h | 5 +++--
 gc/default/default.c | 2 +-
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/darray.h b/darray.h
index 7ae7f69e6e..e492d6a34f 100644
--- a/darray.h
+++ b/darray.h
@@ -58,10 +58,11 @@
 (*(ptr_to_ary))->meta.size++; \
 } while (0)
-#define rb_darray_insert(ptr_to_ary, idx, element) do { \
+#define rb_darray_insert_without_gc(ptr_to_ary, idx, element) do { \
 rb_darray_ensure_space((ptr_to_ary), \
 sizeof(**(ptr_to_ary)), \
- sizeof((*(ptr_to_ary))->data[0])); \
+ sizeof((*(ptr_to_ary))->data[0]), \
+ rb_darray_realloc_mul_add_without_gc); \
 MEMMOVE( \
 rb_darray_ref(*(ptr_to_ary), idx + 1), \
 rb_darray_ref(*(ptr_to_ary), idx), \
diff --git a/gc/default/default.c b/gc/default/default.c
index b0267cc48c..94828be55d 100644
--- a/gc/default/default.c
+++ b/gc/default/default.c
@@ -1961,7 +1961,7 @@ heap_page_allocate(rb_objspace_t *objspace)
 }
 }
- rb_darray_insert(&objspace->heap_pages.sorted, hi, page);
+ rb_darray_insert_without_gc(&objspace->heap_pages.sorted, hi, page);
 if (heap_pages_lomem == 0 || heap_pages_lomem > start) heap_pages_lomem = start;
 if (heap_pages_himem < end) heap_pages_himem = end;
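Review bot: The renamed macro carries no comment saying why it must grow the array through `rb_darray_realloc_mul_add_without_gc`, so a reader of darray.h sees only a longer name; the reason the commit message gives belongs above the `#define`, e.g. `/* Insert without allocating through the GC: a GC during the resize could free pages that the array being grown still references (see heap_page_allocate). */`. Removing the old `rb_darray_insert` name instead of keeping it alongside means any remaining caller fails at compile time, which is the safe direction; the diffstat suggests default.c was the only caller, but that is inferred. The declaration of `rb_darray_ensure_space` with its new allocator argument and the rest of the macro body after the MEMMOVE lie outside the hunk, so whether the `_without_gc` path reports allocation failure by raising or by returning NULL cannot be checked here; if it is the latter, the unchecked `rb_darray_ensure_space(...)` statement in this hunk would need a result check that the GC-capable variant did not.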
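Review bot: The call site gives no hint that the non-GC variant is required, and `hi` and `page` are both computed before the hunk, so a later edit could switch back to a GC-capable insert without noticing the hazard; a one-line comment at the call, `/* must not trigger GC: hi presumably indexes the current contents of sorted, and page only becomes reachable through sorted once this insert completes */`, would pin the reason the commit message gives. The reported failure, `malloc: possible integer overflow (8*18446744073709551603)`, is consistent with a size that wrapped after a GC freed pages mid-insert, which matches the commit message but is inferred rather than visible in the hunk. heap_page_allocate starts and ends outside the hunk, so the surrounding updates to heap_pages that may share the same no-GC assumption cannot be reviewed here.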