From 141402d11c09fa641eebd8f4841f81e7bbf3518c Mon Sep 17 00:00:00 2001 From: nagachika Date: Sun, 16 Jul 2023 12:58:21 +0900 Subject: [PATCH] merge revision(s) e1bd45624c85e8a80991bda20801f50967ac77a1: [Backport #19482] Fix crash when allocating classes with newobj hook We need to zero out the whole slot when running the newobj hook for a newly allocated class because the slot could be filled with garbage, which would cause a crash if a GC runs inside of the newobj hook. For example, the following script crashes: ``` require "objspace" GC.stress = true ObjectSpace.trace_object_allocations { 100.times do Class.new end } ``` [Bug #19482] --- gc.c | 8 +++++++- test/objspace/test_objspace.rb | 7 +++++++ 2 files changed, 14 insertions(+), 1 deletion(-) --- gc.c | 8 +++++++- test/objspace/test_objspace.rb | 7 +++++++ version.h | 2 +- 3 files changed, 15 insertions(+), 2 deletions(-) diff --git a/gc.c b/gc.c index fd9cd2a5f2..58f793f949 100644 --- a/gc.c +++ b/gc.c @@ -2796,6 +2796,12 @@ newobj_alloc(rb_objspace_t *objspace, rb_ractor_t *cr, size_t size_pool_idx, boo return obj; } +static void +newobj_zero_slot(VALUE obj) +{ + memset((char *)obj + sizeof(struct RBasic), 0, rb_gc_obj_slot_size(obj) - sizeof(struct RBasic)); +} + ALWAYS_INLINE(static VALUE newobj_slowpath(VALUE klass, VALUE flags, rb_objspace_t *objspace, rb_ractor_t *cr, int wb_protected, size_t size_pool_idx)); static inline VALUE @@ -2826,7 +2832,7 @@ newobj_slowpath(VALUE klass, VALUE flags, rb_objspace_t *objspace, rb_ractor_t * #endif newobj_init(klass, flags, wb_protected, objspace, obj); - gc_event_hook_prep(objspace, RUBY_INTERNAL_EVENT_NEWOBJ, obj, newobj_fill(obj, 0, 0, 0)); + gc_event_hook_prep(objspace, RUBY_INTERNAL_EVENT_NEWOBJ, obj, newobj_zero_slot(obj)); } RB_VM_LOCK_LEAVE_CR_LEV(cr, &lev); diff --git a/test/objspace/test_objspace.rb b/test/objspace/test_objspace.rb index f0f294c31a..7556fca530 100644 --- a/test/objspace/test_objspace.rb +++ b/test/objspace/test_objspace.rb @@ -216,6 +216,13 @@ class TestObjSpace < Test::Unit::TestCase assert_equal(c3, ObjectSpace.allocation_generation(o3)) assert_equal(self.class.name, ObjectSpace.allocation_class_path(o3)) assert_equal(__method__, ObjectSpace.allocation_method_id(o3)) + + # [Bug #19482] + EnvUtil.under_gc_stress do + 100.times do + Class.new + end + end } end diff --git a/version.h b/version.h index 1c37eef5d5..cd1bdf5394 100644 --- a/version.h +++ b/version.h @@ -11,7 +11,7 @@ # define RUBY_VERSION_MINOR RUBY_API_VERSION_MINOR #define RUBY_VERSION_TEENY 2 #define RUBY_RELEASE_DATE RUBY_RELEASE_YEAR_STR"-"RUBY_RELEASE_MONTH_STR"-"RUBY_RELEASE_DAY_STR -#define RUBY_PATCHLEVEL 67 +#define RUBY_PATCHLEVEL 68 #include "ruby/version.h" #include "ruby/internal/abi.h"