From c416dbb3c700173d62c2d8381e3680b8aa4482ae Mon Sep 17 00:00:00 2001
From: Alan Wu <XrXr@users.noreply.github.com>
Date: Wed, 27 Apr 2022 12:23:52 -0400
Subject: Add missing write barriers to Array#replace

Previously it made object references without using write barriers,
creating GC inconsistencies.

See: http://ci.rvm.jp/results/trunk-gc-asserts@phosphorus-docker/3925529
---
 array.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'array.c')

diff --git a/array.c b/array.c
index 9bb767d79f..7b3f5bd0b0 100644
--- a/array.c
+++ b/array.c
@@ -4680,14 +4680,16 @@ rb_ary_replace(VALUE copy, VALUE orig)
      * contents of orig. */
     else if (ARY_EMBED_P(orig)) {
         long len = ARY_EMBED_LEN(orig);
-
         VALUE *ptr = ary_heap_alloc(copy, len);
-        MEMCPY(ptr, ARY_EMBED_PTR(orig), VALUE, len);
 
         FL_UNSET_EMBED(copy);
         ARY_SET_PTR(copy, ptr);
         ARY_SET_LEN(copy, len);
         ARY_SET_CAPA(copy, len);
+
+        // No allocation and exception expected that could leave `copy` in a
+        // bad state from the edits above.
+        ary_memcpy(copy, 0, len, RARRAY_CONST_PTR_TRANSIENT(orig));
     }
 #endif
     /* Otherwise, orig is on heap and copy does not have enough space to embed
-- 
cgit v1.2.1