ruby-changes:63247
From: Aaron <ko1@a...>
Date: Fri, 2 Oct 2020 00:43:13 +0900 (JST)
Subject: [ruby-changes:63247] 9fb60672d5 (master): Fix a use-after-free bug reported by ASAN
https://git.ruby-lang.org/ruby.git/commit/?id=9fb60672d5 From 9fb60672d55162a92ab7e97b000a7e277458aab1 Mon Sep 17 00:00:00 2001 From: Aaron Patterson <tenderlove@r...> Date: Wed, 23 Sep 2020 20:06:38 -0700 Subject: Fix a use-after-free bug reported by ASAN If a fiber and thread are collected at the same time, the thread might get collected first and the pointer on the fiber will go bad. I don't think we need to check whether or not this is the main fiber in order to release its stack diff --git a/cont.c b/cont.c index 0304f4c..561398d 100644 --- a/cont.c +++ b/cont.c @@ -940,9 +940,7 @@ cont_free(void *ptr) https://github.com/ruby/ruby/blob/trunk/cont.c#L940 else { rb_fiber_t *fiber = (rb_fiber_t*)cont; coroutine_destroy(&fiber->context); - if (!fiber_is_root_p(fiber)) { - fiber_stack_release(fiber); - } + fiber_stack_release(fiber); } RUBY_FREE_UNLESS_NULL(cont->saved_vm_stack.ptr); -- cgit v0.10.2 -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
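Review bot: Dropping the `fiber_is_root_p(fiber)` guard in cont_free means `fiber_stack_release(fiber)` now runs for the root fiber as well, so the fix is only sound if `fiber_stack_release` tolerates a root fiber (one whose stack was never taken from the fiber pool) without touching the possibly already-freed thread; please confirm that and add a short comment above the call saying why the check was removed (the thread can be collected before the fiber, so anything that dereferences the fiber's thread pointer here is a use-after-free), since the rationale currently lives only in the commit message. If the intent was to keep the root check but avoid the dangling thread pointer, a check that relies solely on state owned by the fiber would keep the previous behaviour without the ASAN report.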