https://git.ruby-lang.org/ruby.git/commit/?id=06594e7134

From 06594e713416fad35b6241fed802607682d7cea6 Mon Sep 17 00:00:00 2001
From: Peter Zhu <peter@p...>
Date: Sat, 12 Mar 2022 12:15:04 -0500
Subject: Fix crash on GC stress and RGENGC_CHECK_MODE=2

rb_ary_reset could leave the array in a bad state since it frees memory
but does not unset any flags. This can cause a crash on GC stress. This
commit changes rb_ary_reset to set the array as an empty embedded array.
---
 array.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/array.c b/array.c
index 2790c2a61f..ae2ba38cbe 100644
--- a/array.c
+++ b/array.c
@@ -537,6 +537,9 @@ rb_ary_reset(VALUE ary) https://github.com/ruby/ruby/blob/trunk/array.c#L537
     else if (ARY_SHARED_P(ary)) {
         rb_ary_unshare(ary);
     }
+
+    FL_SET_EMBED(ary);
+    ARY_SET_EMBED_LEN(ary, 0);
 }
 
 static VALUE
@@ -1079,8 +1082,8 @@ rb_ary_initialize(int argc, VALUE *argv, VALUE ary) https://github.com/ruby/ruby/blob/trunk/array.c#L1082
     rb_ary_modify(ary);
     if (argc == 0) {
         rb_ary_reset(ary);
-        FL_SET_EMBED(ary);
-	ARY_SET_EMBED_LEN(ary, 0);
+        assert(ARY_EMBED_P(ary));
+        assert(ARY_EMBED_LEN(ary) == 0);
 	if (rb_block_given_p()) {
 	    rb_warning("given block not used");
 	}
@@ -4394,7 +4397,7 @@ rb_ary_replace(VALUE copy, VALUE orig) https://github.com/ruby/ruby/blob/trunk/array.c#L4397
     rb_ary_reset(copy);
 
     if (RARRAY_LEN(orig) <= RARRAY_EMBED_LEN_MAX) {
-        FL_SET_EMBED(copy);
+        assert(ARY_EMBED_P(copy));
         ary_memcpy(copy, 0, RARRAY_LEN(orig), RARRAY_CONST_PTR_TRANSIENT(orig));
         ARY_SET_LEN(copy, RARRAY_LEN(orig));
     }
-- 
cgit v1.2.1


--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/