Bug #19595
closed
YJIT: Crash from missing argc check in known cfuncs
Description
https://github.com/ruby/ruby/pull/7697
Previously we were missing a compile-time check that the known cfuncs receive the correct number of arguments.
$ ruby --yjit-call-threshold=1 -e '"foo".to_s(*[])'
ruby: YJIT has panicked. More info to follow...
thread '<unnamed>' panicked at 'assertion failed: `(left == right)`
left: `1`,
right: `2`', ./yjit/src/codegen.rs:7225:5
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
-e:1: [BUG] YJIT panicked
ruby 3.3.0dev (2023-04-08T18:54:01Z master 671cfc2000) +YJIT [x86_64-linux]
This likely needs a backport to Ruby 3.2, Ruby 3.1 does not have this bug
Updated by jhawthorn (John Hawthorn) about 1 year ago
- Status changed from Open to Closed
Applied in changeset git|0ce2bdc76dd17aa3d42a352a6244c87a51e7606d.
YJIT: Fix missing argc check in known cfuncs
Previously we were missing a compile-time check that the known cfuncs
receive the correct number of arguments.
We noticied this because in particular when using ARGS_SPLAT, which also
wasn't checked, YJIT would crash on code which was otherwise correct
(didn't raise exceptions in the VM).
This still supports vararg (argc == -1) cfuncs. I added an additional
assertion that when we use the specialized codegen for one of these
known functions that the argc are popped off the stack correctly, which
should help ensure they're implemented correctly (previously the crash
was usually observed on a future leave insn).
[Bug #19595]
Updated by nagachika (Tomoyuki Chikanaga) 10 months ago
- Backport changed from 3.0: DONTNEED, 3.1: DONTNEED, 3.2: REQUIRED to 3.0: DONTNEED, 3.1: DONTNEED, 3.2: DONE
ruby_3_2 8852b4b2deea20f488208dc4730ef149f67d7594 merged revision(s) 0ce2bdc76dd17aa3d42a352a6244c87a51e7606d.