ruby-changes:35170
From: ko1 <ko1@a...>
Date: Fri, 22 Aug 2014 20:17:10 +0900 (JST)
Subject: [ruby-changes:35170] ko1:r47252 (trunk): * string.c (rb_fstring, fstr_update_callback): simply delete garbage
ko1 2014-08-22 20:16:56 +0900 (Fri, 22 Aug 2014) New Revision: 47252 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=47252 Log: * string.c (rb_fstring, fstr_update_callback): simply delete garbage key first. Garbage keys can be swept by lazy sweeping invoked by creating new fstring. So that simply do: (1) delete garbage key and return `fstr_update_callback' immediately (2) try again `fstr_update_callback()' to create a new fstr. This bug can be cause memory corruption, reported by http://u64.rubyci.org/~chkbuild/ruby-trunk/log/20140821T220302Z.fail.html.gz Modified files: trunk/ChangeLog trunk/string.c Index: ChangeLog =================================================================== --- ChangeLog (revision 47251) +++ ChangeLog (revision 47252) @@ -1,3 +1,16 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1 +Fri Aug 22 20:07:43 2014 Koichi Sasada <ko1@a...> + + * string.c (rb_fstring, fstr_update_callback): simply delete garbage + key first. + + Garbage keys can be swept by lazy sweeping invoked by creating new + fstring. So that simply do: + (1) delete garbage key and return `fstr_update_callback' immediately + (2) try again `fstr_update_callback()' to create a new fstr. + + This bug can be cause memory corruption, reported by + http://u64.rubyci.org/~chkbuild/ruby-trunk/log/20140821T220302Z.fail.html.gz + Fri Aug 22 19:30:39 2014 SHIBATA Hiroshi <shibata.hiroshi@g...> * test/ruby/test_complex.rb: removed commented-out code. Index: string.c =================================================================== --- string.c (revision 47251) +++ string.c (revision 47252) @@ -194,8 +194,8 @@ fstr_update_callback(st_data_t *key, st_ https://github.com/ruby/ruby/blob/trunk/string.c#L194 * at next time */ if (rb_objspace_garbage_object_p(str)) { - str = *fstr; - goto create_new_fstr; + *fstr = Qundef; + return ST_DELETE; } *fstr = str; @@ -203,7 +203,6 @@ fstr_update_callback(st_data_t *key, st_ https://github.com/ruby/ruby/blob/trunk/string.c#L203 } else { if (STR_SHARED_P(str)) { /* str should not be shared */ - create_new_fstr: str = rb_enc_str_new(RSTRING_PTR(str), RSTRING_LEN(str), STR_ENC_GET(str)); OBJ_FREEZE(str); } @@ -220,6 +219,8 @@ fstr_update_callback(st_data_t *key, st_ https://github.com/ruby/ruby/blob/trunk/string.c#L219 VALUE rb_fstring(VALUE str) { + VALUE ret; + Check_Type(str, T_STRING); if (!frozen_strings) @@ -228,8 +229,12 @@ rb_fstring(VALUE str) https://github.com/ruby/ruby/blob/trunk/string.c#L229 if (FL_TEST(str, RSTRING_FSTR)) return str; - st_update(frozen_strings, (st_data_t)str, fstr_update_callback, (st_data_t)&str); - return str; + do { + ret = str; + st_update(frozen_strings, (st_data_t)str, fstr_update_callback, (st_data_t)&ret); + } while (ret != Qundef); + + return ret; } static VALUE -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/