1berry/ruby
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix crash in rb_gc_register_address

Browse Source 
[Bug #19584]

Some C extensions pass a pointer to a global variable to
rb_gc_register_address. However, if a GC is triggered inside of
rb_gc_register_address, then the object could get swept since it does
not exist on the stack.
This commit is contained in:
Peter Zhu 2023-04-06 10:25:59 -04:00
parent 89bdf6e94c
commit bccec7fb46
Notes: git 2023-04-06 17:19:42 +00:00 
Merged: https://github.com/ruby/ruby/pull/7670
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
gc.c
View File

@ -9202,10 +9202,17 @@ rb_gc_register_address(VALUE *addr)
rb_objspace_t *objspace = &rb_objspace; rb_objspace_t *objspace = &rb_objspace;
struct gc_list *tmp; struct gc_list *tmp;
VALUE obj = *addr;
tmp = ALLOC(struct gc_list); tmp = ALLOC(struct gc_list);
tmp->next = global_list; tmp->next = global_list;
tmp->varptr = addr; tmp->varptr = addr;
global_list = tmp; global_list = tmp;
/* obj has to be guarded here because the allocation above could trigger a
* GC. However, C extensions could pass a pointer to a global variable
* which does not exist on the stack and thus could get swept. */
RB_GC_GUARD(obj);
} }
void void