Ruby » Ruby master

On my Mac (Big Sur 11.5.2) using Ruby 3.0.2, I can duplicate the segfault with just the first two lines:

ENV = {}
spawn({}, "true")

However, this does NOT segfault:

ENV.replace({})
spawn({}, "true")

This seems to not segfault

ENV = {}
spawn({}, "true", :unsetenv_others => true)
ENV.replace({})

which leads me to believe that these lines are in play: https://github.com/ruby/ruby/blob/ebad1e829316de48f212cd57f88639fa5ac55ee4/process.c#L2981-L2982

Speculation ahead, but I'm at the point where I don't understand the Ruby C code anymore...but I think what's happening is, roughly:

https://github.com/ruby/ruby/blob/ebad1e829316de48f212cd57f88639fa5ac55ee4/process.c#L2980-L2984

        else {
            envtbl = rb_const_get(rb_cObject, id_ENV);
            envtbl = rb_to_hash_type(envtbl);
        }
        hide_obj(envtbl);

I think, in the "normal" ENV case, that the rb_to_hash_type is essentially creating a copy, and so hide_obj is essentially hiding a copy, so no big deal. But in the case of an ENV that is a Hash, rb_to_hash_type is returning the original reference and hiding that instead. Then after, the original object cannot be accessed.

I'll admit, I don't know what hide_obj actually does, and I'm having trouble following it.

Fryguy (Jason Frey) wrote in #note-3:

Speculation ahead, but I'm at the point where I don't understand the Ruby C code anymore...but I think what's happening is, roughly:

https://github.com/ruby/ruby/blob/ebad1e829316de48f212cd57f88639fa5ac55ee4/process.c#L2980-L2984

        else {
            envtbl = rb_const_get(rb_cObject, id_ENV);
            envtbl = rb_to_hash_type(envtbl);
        }
        hide_obj(envtbl);

I agree, that is a bug. It should not be looking for Object::ENV, it should be accessing the internal envtbl static variable. I'm guessing the reason it doesn't is that envtbl is static in hash.c. We probably need to add a non-static function in hash.c to return envtbl as a hash (e.g. rb_env_to_hash), and have the process.c code call that.

jeremyevans0 (Jeremy Evans) wrote in #note-4:

Fryguy (Jason Frey) wrote in #note-3:

Speculation ahead, but I'm at the point where I don't understand the Ruby C code anymore...but I think what's happening is, roughly:

https://github.com/ruby/ruby/blob/ebad1e829316de48f212cd57f88639fa5ac55ee4/process.c#L2980-L2984

        else {
            envtbl = rb_const_get(rb_cObject, id_ENV);
            envtbl = rb_to_hash_type(envtbl);
        }
        hide_obj(envtbl);

I agree, that is a bug. It should not be looking for Object::ENV, it should be accessing the internal envtbl static variable. I'm guessing the reason it doesn't is that envtbl is static in hash.c. We probably need to add a non-static function in hash.c to return envtbl as a hash (e.g. rb_env_to_hash), and have the process.c code call that.

I submitted a pull request that takes this approach to fixing the issue: https://github.com/ruby/ruby/pull/4834