Fix crash in rb_gc_register_address

[Bug #19584] Some C extensions pass a pointer to a global variable to rb_gc_register_address. However, if a GC is triggered inside of rb_gc_register_address, then the object could get swept since it does not exist on the stack.
Merged: https://github.com/ruby/ruby/pull/7670
2023-04-06 10:25:59 -04:00 · 2023-04-06 10:25:59 -04:00 · bccec7fb46 · 2023-04-06 17:19:42 +00:00
commit bccec7fb46
parent 89bdf6e94c
1 changed files with 7 additions and 0 deletions
--- a/gc.c
+++ b/gc.c
@ -9202,10 +9202,17 @@ rb_gc_register_address(VALUE *addr)
    rb_objspace_t *objspace = &rb_objspace;
    struct gc_list *tmp;

+    VALUE obj = *addr;
+
    tmp = ALLOC(struct gc_list);
    tmp->next = global_list;
    tmp->varptr = addr;
    global_list = tmp;
+
+    /* obj has to be guarded here because the allocation above could trigger a
+     * GC. However, C extensions could pass a pointer to a global variable
+     * which does not exist on the stack and thus could get swept. */
+    RB_GC_GUARD(obj);
 }

 void