diff options
author | Peter Zhu <peter@peterzhu.ca> | 2023-01-05 08:48:19 -0500 |
---|---|---|
committer | Peter Zhu <peter@peterzhu.ca> | 2023-01-05 13:14:11 -0500 |
commit | 273dca3aed7989120d57f80c789733d4bc870ffe (patch) | |
tree | 24534fe1f7c9263218d94009589958c6e80710cb | |
parent | 54950a78e3cd66da8c52e7444b2fbf761153660b (diff) | |
download | ruby-273dca3aed7989120d57f80c789733d4bc870ffe.tar.gz |
Fix undefined behavior in shape.c
Under strict aliasing, writing to the memory location of a different
type is not allowed and will result in undefined behavior. This was
happening in shape.c due to `rb_id_table_lookup` writing to the memory
location of `VALUE *` that was casted from a `rb_shape_t **`.
This was causing test failures when compiled with LTO.
Fixes [Bug #19248]
Co-Authored-By: Alan Wu <alanwu@ruby-lang.org>
-rw-r--r-- | shape.c | 13 |
1 files changed, 11 insertions, 2 deletions
@@ -150,7 +150,11 @@ get_next_shape_internal(rb_shape_t * shape, ID id, enum shape_type shape_type, b // Lookup the shape in edges - if there's already an edge and a corresponding shape for it, // we can return that. Otherwise, we'll need to get a new shape - if (!rb_id_table_lookup(shape->edges, id, (VALUE *)&res)) { + VALUE lookup_result; + if (rb_id_table_lookup(shape->edges, id, &lookup_result)) { + res = (rb_shape_t *)lookup_result; + } + else { *variation_created = had_edges; rb_shape_t * new_shape = rb_shape_alloc(id, shape); @@ -462,7 +466,12 @@ rb_shape_traverse_from_new_root(rb_shape_t *initial_shape, rb_shape_t *dest_shap if (!next_shape->edges) { return NULL; } - if (!rb_id_table_lookup(next_shape->edges, dest_shape->edge_name, (VALUE *)&next_shape)) { + + VALUE lookup_result; + if (rb_id_table_lookup(next_shape->edges, dest_shape->edge_name, &lookup_result)) { + next_shape = (rb_shape_t *)lookup_result; + } + else { return NULL; } break; |