Fix corruption in ARGF.inplace #3409

peterzhu2118 · 2020-08-11T19:10:49Z

Extension string stored in ARGF.inplace is created using an api designed for C string constants to create a Ruby string that points at another Ruby string. When the original string is swept, the extension string gets corrupted.

Reproduction script (on MacOS):

#!/usr/bin/ruby -pi.bak

BEGIN {
  GC.start(full_mark: true)
  arr = []
  1000000.times do |x|
    arr << "fooo#{x}"
  end
}

puts "hello"

Redmine ticket: https://bugs.ruby-lang.org/issues/17117

Co-Authored-By: Matt Valentine-House @eightbitraptor

Extension string stored in `ARGF.inplace` is created using an api designed for C string constants to create a Ruby string that points at another Ruby string. When the original string is swept, the extension string gets corrupted. Reproduction script (on MacOS): ``` BEGIN { GC.start(full_mark: true) arr = [] 1000000.times do |x| arr << "fooo#{x}" end } puts "hello" ``` Co-Authored-By: Matt Valentine-House <31869+eightbitraptor@users.noreply.github.com>

peterzhu2118 marked this pull request as ready for review August 11, 2020 19:10

peterzhu2118 force-pushed the inplace-str-corruption branch 2 times, most recently from ceeb013 to f57b4b0 Compare August 11, 2020 20:47

peterzhu2118 force-pushed the inplace-str-corruption branch from f57b4b0 to 2e4001d Compare August 12, 2020 02:42

nobu merged commit 166cacc into ruby:master Aug 12, 2020
2 checks passed

peterzhu2118 deleted the inplace-str-corruption branch August 12, 2020 15:35

Fix corruption in ARGF.inplace #3409

Fix corruption in ARGF.inplace #3409

Conversation

peterzhu2118 commented Aug 11, 2020 • edited

peterzhu2118 commented Aug 11, 2020 •

edited