Fix segfault bug when write-barriering CStruct REPRd objects.

child_objs is now allocated with mem_sys_allocate_zeroed, and a child object is ignored if child_objs[i] is NULL. This fixes a bug where write-barriering would trip over a bogus pointer when write-barriering a struct returned from C and a field was unread before passing it to another C function.
Raku · Aug 6, 2012 · 3abd848 · 3abd848
1 parent e401db5
commit 3abd848
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/src/6model/reprs/CStruct.c b/src/6model/reprs/CStruct.c
@@ -366,7 +366,7 @@ static PMC * allocate(PARROT_INTERP, STable *st) {
     /* Allocate child obj array. */
     if(repr_data->num_child_objs > 0) {
         size_t bytes = repr_data->num_child_objs*sizeof(PMC *);
-        obj->body.child_objs = (PMC **) mem_sys_allocate(bytes);
+        obj->body.child_objs = (PMC **) mem_sys_allocate_zeroed(bytes);
         memset(obj->body.child_objs, 0, bytes);
     }
 

diff --git a/src/ops/nqp_dyncall.ops b/src/ops/nqp_dyncall.ops
@@ -598,7 +598,7 @@ static void dyncall_wb_cs(PARROT_INTERP, PMC *obj) {
         void *cptr;   /* The pointer in the C storage. */
         void *objptr; /* The pointer in the object representing the C object. */
 
-        if (kind == CSTRUCT_ATTR_IN_STRUCT)
+        if (kind == CSTRUCT_ATTR_IN_STRUCT || !body->child_objs[slot])
             continue;
 
         cptr = *((void **) (storage + repr_data->struct_offsets[i]));