From 32e406d6d3c3ded9160298c4475c1aa188360b07 Mon Sep 17 00:00:00 2001 From: Daniel Colson Date: Sat, 2 Jul 2022 20:28:39 -0400 Subject: Ensure _id2ref finds symbols with the correct type Prior to this commit it was possible to call `ObjectSpace._id2ref` with an offset static symbol object_id and get back a new, incorrectly tagged symbol: ``` > sensible_sym = ObjectSpace._id2ref(:a.object_id) => :a > nonsense_sym = ObjectSpace._id2ref(:a.object_id + 40) => :a > sensible_sym == nonsense_sym => false ``` `nonsense_sym` ends up tagged with `RUBY_ID_INSTANCE` instead of `RB_ID_LOCAL`. That means we can do silly things like: ``` > foo = Object.new > foo.instance_variable_set(:a, 123) (irb):2:in `instance_variable_set': `a' is not allowed as an instance variable name (NameError) > foo.instance_variable_set(ObjectSpace._id2ref(:a.object_id + 40), 123) => 123 > foo.instance_variables => [:a] ``` This was happening because `get_id_entry` ignores the tag bits when looking up the symbol. So `rb_id2str(symid)` would return a value and then we'd continue on with the nonsense `symid`. This commit prevents the situation by checking that the `symid` actually matches what we get back from `get_id_entry`. Now we get a `RangeError` for the nonsense id: ``` > ObjectSpace._id2ref(:a.object_id) => :a > ObjectSpace._id2ref(:a.object_id + 40) (irb):1:in `_id2ref': 0x000000000013f408 is not symbol id value (RangeError) ``` Co-authored-by: John Hawthorn --- symbol.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'symbol.c') diff --git a/symbol.c b/symbol.c index dc7d72cb90..94fa09d19c 100644 --- a/symbol.c +++ b/symbol.c @@ -481,6 +481,12 @@ get_id_entry(ID id, const enum id_entry_type t) return get_id_serial_entry(rb_id_to_serial(id), id, t); } +int +rb_static_id_valid_p(ID id) +{ + return STATIC_ID2SYM(id) == get_id_entry(id, ID_ENTRY_SYM); +} + static inline ID rb_id_serial_to_id(rb_id_serial_t num) { -- cgit v1.2.1