This removes the related tests, and puts the related specs behind
version guards. This affects all code in lib, including some
libraries that may want to support older versions of Ruby.
The buffer deduplication codepath in rb_fstring can be used to free the buffer
of shared string roots, which leads to use-after-free.
Introudce a new flag to tag strings that at one point have been a shared root.
Check for it in rb_fstring to avoid freeing buffers that are shared by
multiple strings. This change is based on nobu's idea in [ruby-core:94838].
The included test case test for the sequence of calls to internal functions
that lead to this bug. See attached ticket for Ruby level repros.
[Bug #16151]
When a string is #frozen, it's capacity is resized to fit (if it is much
larger), since we know it will no longer be mutated.
> puts ObjectSpace.dump(String.new("a"*30, capacity: 1000))
{"type":"STRING", "class":"0x7feaf00b7bf0", "bytesize":30, "capacity":1000, "value":"...
> puts ObjectSpace.dump(String.new("a"*30, capacity: 1000).freeze)
{"type":"STRING", "class":"0x7feaf00b7bf0", "frozen":true, "bytesize":30, "value":"...
(ObjectSpace.dump doesn't show capacity if capacity is equal to bytesize)
Previously, if we dedup into an fstring, using String#-@, capacity would
not be reduced.
> puts ObjectSpace.dump(-String.new("a"*30, capacity: 1000))
{"type":"STRING", "class":"0x7feaf00b7bf0", "frozen":true, "fstring":true, "bytesize":30, "capacity":1000, "value":"...
This commit makes rb_fstring call rb_str_resize, the same as
rb_str_freeze does.
Closes: https://github.com/ruby/ruby/pull/2256
This is a follow up for 3f9562015e.
Before this commit, it was possible to create a shared string which
shares with another shared string by passing a frozen shared string
to `str_duplicate`.
Such string looks like:
```
-------- -----------------
| root | ------ owns -----> | root's buffer |
-------- -----------------
^ ^ ^
----------- | |
| shared1 | ------ references ----- |
----------- |
^ |
----------- |
| shared2 | ------ references ---------
-----------
```
This is bad news because `rb_fstring(shared2)` can make `shared1`
independent, which severs the reference from `shared1` to `root`:
```c
/* from fstr_update_callback() */
str = str_new_frozen(rb_cString, shared2); /* can return shared1 */
if (STR_SHARED_P(str)) { /* shared1 is also a shared string */
str_make_independent(str); /* no frozen check */
}
```
If `shared1` was the only reference to `root`, then `root` can be
reclaimed by the GC, leaving `shared2` in a corrupted state:
```
----------- --------------------
| shared1 | -------- owns --------> | shared1's buffer |
----------- --------------------
^
|
----------- -------------------------
| shared2 | ------ references ----> | root's buffer (freed) |
----------- -------------------------
```
Here is a reproduction script for the situation this commit fixes.
```ruby
a = ('a' * 24).strip.freeze.strip
-a
p a
4.times { GC.start }
p a
```
- string.c (str_duplicate): always share with the root string when
the original is a shared string.
- test_rb_str_dup.rb: specifically test `rb_str_dup` to make
sure it does not try to share with a shared string.
[Bug #15792]
Closes: https://github.com/ruby/ruby/pull/2159
FrozenError will be used instead of RuntimeError for exceptions
raised when there is an attempt to modify a frozen object. The
reason for this change is to differentiate exceptions related
to frozen objects from generic exceptions such as those generated
by Kernel#raise without an exception class.
From: Jeremy Evans <code@jeremyevans.net>
Signed-off-by: Urabe Shyouhei <shyouhei@ruby-lang.org>
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61131 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* io.c (io_setstrbuf): return true if the buffer is newly created.
* io.c (io_set_read_length): shrink the read buffer if it is a new
object and is too large. [ruby-core:81370] [Bug #13597]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59701 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* test/-ext-/string/test_modify_expand.rb (test_integer_overflow):
no longer happens on platforms where size_t is larger than long,
e.g. 64bit windows, since r57122.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57156 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* string.c (rb_str_set_len): The buffer overflow check is wrong. The
space for termlen is allocated outside the capacity returned by
rb_str_capacity(). This fixes r41920 ("string.c: multi-byte
terminator", 2013-07-11). [ruby-core:77257] [Bug #12757]
* test/-ext-/string/test_set_len.rb (test_capacity_equals_to_new_size):
Test for this change. Applying only the test will trigger [BUG].
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56148 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
When you change this to true, you may need to add more tests.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53141 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* string.c (rb_string_value_cstr): should not raise on frozen
string.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@52833 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* string.c (str_replace_shared_without_enc): fill the terminator
of embedded strings in wide char encodings.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51372 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* string.c (fstr_update_callback): pool bare strings only.
* string.c (rb_fstring): return the original string with sharing a
fstring if it has extra attributes, not the fstring itself.
[ruby-dev:49188] [Bug #11386]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51360 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* encoding.c (enc_autoload): drop dummy encoding flag from
the loaded encoding index. this flag is used only in this
source.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51251 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* file.c (rb_str_normalize_ospath): skip invalid byte sequence not
to loop infinitely. this case usually does not happen as the
input name should come from real file systems.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51180 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* test/-ext-/string/test_nofree.rb (test_no_memory_leak): remove
limit and make the interation longer.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@50843 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* string.c (str_make_independent_expand): terminate String when
moved from heap to embedded. [Fix GH-821].
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@49405 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* test/-ext-/string/test_cstr.rb (assert_wchars_term_char): test
for all wide char encodings.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48755 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* test/-ext-/string/test_cstr.rb (test_wchar_long): show the
failed encoding name in error messages.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48753 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
