nobu	2013-10-02 14:19:00 +0900 (Wed, 02 Oct 2013)

  New Revision: 43112

  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=43112

  Log:
    io.c: keep fptr read-closed
    
    * io.c (rb_io_close_read): keep fptr in write_io to be discarded, to
      fix freed pointer access when it is in use by other threads, and get
      rid of potential memory/fd leak.

  Modified files:
    trunk/ChangeLog
    trunk/io.c
Index: ChangeLog
===================================================================
--- ChangeLog	(revision 43111)
+++ ChangeLog	(revision 43112)
@@ -1,3 +1,9 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1
+Wed Oct  2 14:18:56 2013  Nobuyoshi Nakada  <nobu@r...>
+
+	* io.c (rb_io_close_read): keep fptr in write_io to be discarded, to
+	  fix freed pointer access when it is in use by other threads, and get
+	  rid of potential memory/fd leak.
+
 Tue Oct  1 23:44:00 2013  Charlie Somerville  <charliesome@r...>
 
 	* vm_core.h: use __attribute__((unused)) in UNINTIALIZED_VAR on clang
Index: io.c
===================================================================
--- io.c	(revision 43111)
+++ io.c	(revision 43112)
@@ -4432,11 +4432,14 @@ rb_io_close_read(VALUE io) https://github.com/ruby/ruby/blob/trunk/io.c#L4432
     write_io = GetWriteIO(io);
     if (io != write_io) {
 	rb_io_t *wfptr;
-        rb_io_fptr_cleanup(fptr, FALSE);
 	GetOpenFile(write_io, wfptr);
         RFILE(io)->fptr = wfptr;
-        RFILE(write_io)->fptr = NULL;
-        rb_io_fptr_finalize(fptr);
+	/* bind to write_io temporarily to get rid of memory/fd leak */
+	fptr->tied_io_for_writing = 0;
+	fptr->mode &= ~FMODE_DUPLEX;
+	RFILE(write_io)->fptr = fptr;
+	rb_io_fptr_cleanup(fptr, FALSE);
+	/* should not finalize fptr because another thread may be reading it */
         return Qnil;
     }
 

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/