should be initialize jit_unit->cc_entries.

GC can invoke just after allocation of jit_unit->cc_entries so it should be zero-cleared.
ruby · Feb 25, 2020 · 84d1a99 · 84d1a99
1 parent 670b7be
commit 84d1a99
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 3 deletions.
diff --git a/iseq.c b/iseq.c
@@ -363,7 +363,9 @@ rb_iseq_mark(const rb_iseq_t *iseq)
             // TODO: move to mjit.c?
             for (unsigned int i=0; i<body->ci_size; i++) {
                 const struct rb_callcache *cc = body->jit_unit->cc_entries[i];
-                rb_gc_mark((VALUE)cc); // pindown
+                if (cc != NULL) {
+                    rb_gc_mark((VALUE)cc); // pindown
+                }
             }
         }
 #endif

diff --git a/mjit.c b/mjit.c
@@ -295,7 +295,7 @@ create_unit(const rb_iseq_t *iseq)
     unit->id = current_unit_num++;
     unit->iseq = (rb_iseq_t *)iseq;
     if (iseq->body->ci_size > 0) {
-        unit->cc_entries = ALLOC_N(const struct rb_callcache *, iseq->body->ci_size);
+        unit->cc_entries = ZALLOC_N(const struct rb_callcache *, iseq->body->ci_size);
     }
     iseq->body->jit_unit = unit;
 }

diff --git a/mjit_worker.c b/mjit_worker.c
@@ -1141,7 +1141,7 @@ mjit_copy_cache_from_main_thread(const rb_iseq_t *iseq, union iseq_inline_storag
             if (iseq->body->jit_unit == NULL) rb_fatal("malloc failed");
             if (iseq->body->ci_size > 0) {
                 iseq->body->jit_unit->cc_entries =
-                  (const struct rb_callcache **)malloc(sizeof(const struct rb_callcache *) * iseq->body->ci_size);
+                  (const struct rb_callcache **)calloc(iseq->body->ci_size, sizeof(const struct rb_callcache *));
                 if (iseq->body->jit_unit->cc_entries == NULL) rb_fatal("malloc failed");
             }
         }