ruby-changes:64711
From: Nobuyoshi <ko1@a...>
Date: Sat, 2 Jan 2021 12:50:21 +0900 (JST)
Subject: [ruby-changes:64711] f690eb34e2 (master): Fixed dangling imemo_tmpbuf
https://git.ruby-lang.org/ruby.git/commit/?id=f690eb34e2 From f690eb34e28b000627e5f0649dd81a04e252286f Mon Sep 17 00:00:00 2001 From: Nobuyoshi Nakada <nobu@r...> Date: Sat, 2 Jan 2021 12:11:52 +0900 Subject: Fixed dangling imemo_tmpbuf The count of rb_alloc_tmp_buffer_with_count is the allocation size counted in VALUE size but not in the requested element size. Co-authored-by: Yusuke Endoh <mame@r...> Co-authored-by: Koichi Sasada <ko1@a...> diff --git a/include/ruby/internal/memory.h b/include/ruby/internal/memory.h index 974c21e..7d24df4 100644 --- a/include/ruby/internal/memory.h +++ b/include/ruby/internal/memory.h @@ -250,8 +250,9 @@ rbimpl_size_mul_or_raise(size_t x, size_t y) https://github.com/ruby/ruby/blob/trunk/include/ruby/internal/memory.h#L250 static inline void * rb_alloc_tmp_buffer2(volatile VALUE *store, long count, size_t elsize) { - return rb_alloc_tmp_buffer_with_count( - store, rbimpl_size_mul_or_raise(count, elsize), count); + const size_t total_size = rbimpl_size_mul_or_raise(count, elsize); + const size_t cnt = (total_size + sizeof(VALUE) - 1) / sizeof(VALUE); + return rb_alloc_tmp_buffer_with_count(store, total_size, cnt); } #ifndef __MINGW32__ -- cgit v0.10.2 -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
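Review bot: The round-up on the new `cnt` line, `(total_size + sizeof(VALUE) - 1) / sizeof(VALUE)`, is an unchecked addition. rbimpl_size_mul_or_raise guards the multiplication but not this sum, so a total_size within sizeof(VALUE) - 1 of SIZE_MAX wraps and produces a cnt near zero while total_size stays huge. Writing it as `total_size / sizeof(VALUE) + (total_size % sizeof(VALUE) != 0)` gives the same ceiling without the possibility of wrapping. A short comment above `cnt` stating that the third argument of rb_alloc_tmp_buffer_with_count is counted in VALUE-sized words rather than in elements, as the commit message explains, would help keep the original mistake from being reintroduced.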