diff options
| author | Yusuke Endoh <mame@ruby-lang.org> | 2021-04-26 18:11:46 +0900 |
|---|---|---|
| committer | Yusuke Endoh <mame@ruby-lang.org> | 2021-04-26 22:46:51 +0900 |
| commit | 2c7d3b3a722c4636ab1e9d289cbca47ddd168d3e (patch) | |
| tree | cb21ba7bca3f68e93587d3e75e07990c443c9a51 | |
| parent | 5219b4ddb4b89dfe8a951da75f5ab78431781d7f (diff) | |
| download | ruby-2c7d3b3a722c4636ab1e9d289cbca47ddd168d3e.tar.gz | |
node.c (rb_ast_new): imemo_ast is WB-unprotected
Previously imemo_ast was handled as WB-protected which caused a segfault
of the following code:
# shareable_constant_value: literal
M0 = {}
M1 = {}
...
M100000 = {}
My analysis is here: `shareable_constant_value: literal` creates many
Hash instances during parsing, and add them to node_buffer of imemo_ast.
However, the contents are missed because imemo_ast is incorrectly
WB-protected.
This changeset makes imemo_ast as WB-unprotected.
| -rw-r--r-- | gc.c | 7 | ||||
| -rw-r--r-- | internal/imemo.h | 1 | ||||
| -rw-r--r-- | node.c | 2 | ||||
| -rw-r--r-- | test/ruby/test_gc.rb | 7 |
4 files changed, 16 insertions, 1 deletions
@@ -2435,6 +2435,13 @@ rb_imemo_new(enum imemo_type type, VALUE v1, VALUE v2, VALUE v3, VALUE v0) return newobj_of(v0, flags, v1, v2, v3, TRUE); } +rb_ast_t * +rb_imemo_ast_new(VALUE node_buffer) +{ + VALUE flags = T_IMEMO | (imemo_ast << FL_USHIFT); + return (rb_ast_t *)newobj_of(node_buffer, flags, 0, 0, 0, FALSE); +} + static VALUE rb_imemo_tmpbuf_new(VALUE v1, VALUE v2, VALUE v3, VALUE v0) { diff --git a/internal/imemo.h b/internal/imemo.h index a9e2136ac4..102356c78c 100644 --- a/internal/imemo.h +++ b/internal/imemo.h @@ -130,6 +130,7 @@ struct MEMO { typedef struct rb_imemo_tmpbuf_struct rb_imemo_tmpbuf_t; VALUE rb_imemo_new(enum imemo_type type, VALUE v1, VALUE v2, VALUE v3, VALUE v0); +struct rb_ast_struct *rb_imemo_ast_new(VALUE node_buffer); rb_imemo_tmpbuf_t *rb_imemo_tmpbuf_parser_heap(void *buf, rb_imemo_tmpbuf_t *old_heap, size_t cnt); struct vm_ifunc *rb_vm_ifunc_new(rb_block_call_func_t func, const void *data, int min_argc, int max_argc); void rb_strterm_mark(VALUE obj); @@ -1299,7 +1299,7 @@ rb_ast_t * rb_ast_new(void) { node_buffer_t *nb = rb_node_buffer_new(); - rb_ast_t *ast = (rb_ast_t *)rb_imemo_new(imemo_ast, 0, 0, 0, (VALUE)nb); + rb_ast_t *ast = rb_imemo_ast_new((VALUE)nb); return ast; } diff --git a/test/ruby/test_gc.rb b/test/ruby/test_gc.rb index 1f75a34cac..f10946bd39 100644 --- a/test/ruby/test_gc.rb +++ b/test/ruby/test_gc.rb @@ -494,4 +494,11 @@ class TestGc < Test::Unit::TestCase b = 1000.times.map { Object.new.object_id } assert_empty(a & b) end + + def test_ast_node_buffer + # https://github.com/ruby/ruby/pull/4416 + Module.new.class_eval do + eval((["# shareable_constant_value: literal"] + (0..100000).map {|i| "M#{ i } = {}" }).join("\n")) + end + end end |