archive/ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2025-08-15 13:39:04 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 4
ruby/internal/variable.h
NARUSE, Yui f3abe5ba64 merge revision(s) 0700d0fd1c77b4fddf803dea3c10be654df600ff,62c2082f1f726cb90d8c332fbedbecf41d5d82ec: [Backport #19469] 
Fix indentation in vm_setivar_default

	---
	 vm_insnhelper.c | 6 +++---
	 1 file changed, 3 insertions(+), 3 deletions(-)

	[Bug #19469] Fix crash when resizing generic iv list

	The following script can sometimes trigger a crash:

	```ruby
	GC.stress = true

	class Array
	  def foo(bool)
	    if bool
	      @a = 1
	      @b = 2
	      @c = 1
	    else
	      @c = 1
	    end
	  end
	end

	obj = []
	obj.foo(true)

	obj2 = []
	obj2.foo(false)

	obj3 = []
	obj3.foo(true)
	```

	This is because vm_setivar_default calls rb_ensure_generic_iv_list_size
	to resize the iv list. However, the call to gen_ivtbl_resize reallocs
	the iv list, and then inserts into the generic iv table. If the
	st_insert triggers a GC then the old iv list will be read during
	marking, causing a use-after-free bug.

	Co-Authored-By: Jemma Issroff <jemmaissroff@gmail.com>
	---
	 internal/variable.h |  2 +-
	 variable.c          | 23 ++++++++++++++++++-----
	 vm_insnhelper.c     |  4 ++--
	 3 files changed, 21 insertions(+), 8 deletions(-)
2023-03-17 13:40:04 +09:00

90 lines
3 KiB
C
Raw Blame History

#ifndef INTERNAL_VARIABLE_H /*-*-C-*-vi:se ft=c:*/
#define INTERNAL_VARIABLE_H
/**
* @author Ruby developers <ruby-core@ruby-lang.org>
* @copyright This file is a part of the programming language Ruby.
* Permission is hereby granted, to either redistribute and/or
* modify this file, provided that the conditions mentioned in the
* file COPYING are met. Consult the file for details.
* @brief Internal header for variables.
*/
#include "ruby/internal/config.h"
#include <stddef.h> /* for size_t */
#include "constant.h" /* for rb_const_entry_t */
#include "ruby/internal/stdbool.h" /* for bool */
#include "ruby/ruby.h" /* for VALUE */
#include "shape.h" /* for rb_shape_t */
/* global variable */
#define ROBJECT_TRANSIENT_FLAG FL_USER2
/* variable.c */
void rb_gc_mark_global_tbl(void);
void rb_gc_update_global_tbl(void);
size_t rb_generic_ivar_memsize(VALUE);
VALUE rb_search_class_path(VALUE);
VALUE rb_attr_delete(VALUE, ID);
void rb_autoload_str(VALUE mod, ID id, VALUE file);
VALUE rb_autoload_at_p(VALUE, ID, int);
NORETURN(VALUE rb_mod_const_missing(VALUE,VALUE));
rb_gvar_getter_t *rb_gvar_getter_function_of(ID);
rb_gvar_setter_t *rb_gvar_setter_function_of(ID);
void rb_gvar_readonly_setter(VALUE v, ID id, VALUE *_);
void rb_gvar_ractor_local(const char *name);
static inline bool ROBJ_TRANSIENT_P(VALUE obj);
static inline void ROBJ_TRANSIENT_SET(VALUE obj);
static inline void ROBJ_TRANSIENT_UNSET(VALUE obj);
struct gen_ivtbl;
int rb_gen_ivtbl_get(VALUE obj, ID id, struct gen_ivtbl **ivtbl);
int rb_obj_evacuate_ivs_to_hash_table(ID key, VALUE val, st_data_t arg);
RUBY_SYMBOL_EXPORT_BEGIN
/* variable.c (export) */
void rb_mark_generic_ivar(VALUE);
void rb_mv_generic_ivar(VALUE src, VALUE dst);
VALUE rb_const_missing(VALUE klass, VALUE name);
int rb_class_ivar_set(VALUE klass, ID vid, VALUE value);
void rb_iv_tbl_copy(VALUE dst, VALUE src);
RUBY_SYMBOL_EXPORT_END
MJIT_SYMBOL_EXPORT_BEGIN
VALUE rb_ivar_lookup(VALUE obj, ID id, VALUE undef);
VALUE rb_gvar_get(ID);
VALUE rb_gvar_set(ID, VALUE);
VALUE rb_gvar_defined(ID);
void rb_const_warn_if_deprecated(const rb_const_entry_t *, VALUE, ID);
rb_shape_t * rb_grow_iv_list(VALUE obj);
void rb_ensure_iv_list_size(VALUE obj, uint32_t len, uint32_t newsize);
struct gen_ivtbl *rb_ensure_generic_iv_list_size(VALUE obj, rb_shape_t *shape, uint32_t newsize);
attr_index_t rb_obj_ivar_set(VALUE obj, ID id, VALUE val);
MJIT_SYMBOL_EXPORT_END
static inline bool
ROBJ_TRANSIENT_P(VALUE obj)
{
#if USE_TRANSIENT_HEAP
return FL_TEST_RAW(obj, ROBJECT_TRANSIENT_FLAG);
#else
return false;
#endif
}
static inline void
ROBJ_TRANSIENT_SET(VALUE obj)
{
#if USE_TRANSIENT_HEAP
FL_SET_RAW(obj, ROBJECT_TRANSIENT_FLAG);
#endif
}
static inline void
ROBJ_TRANSIENT_UNSET(VALUE obj)
{
#if USE_TRANSIENT_HEAP
FL_UNSET_RAW(obj, ROBJECT_TRANSIENT_FLAG);
#endif
}
#endif /* INTERNAL_VARIABLE_H */
Reference in a new issue View git blame Copy permalink