Bug #21352: Invalid read in shape lookup code - Ruby - Ruby Issue Tracking System

Actions

Copy link

Bug #21352

closed

Invalid read in shape lookup code

Added by Earlopain (Earlopain _) 7 days ago. Updated 7 days ago.

Status:

Closed

Assignee:

Target version:

ruby -v:

ruby 3.5.0dev (2025-05-19T04:27:50Z master 40c957ba21) +PRISM [x86_64-linux]

Backport:

3.2: UNKNOWN, 3.3: UNKNOWN, 3.4: UNKNOWN

[ruby-core:122192]

Description

Prism runs tests with valgrind and it recently started to report an invalid read in rb_shape_lookup. Example workflow: https://github.com/ruby/prism/actions/runs/15111527208/job/42471945845?pr=3564

Invalid read of size 8
  rb_shape_lookup (shape.c:347)
  rb_obj_shape (shape.h:184)
  rb_shape_obj_too_complex_p (shape.c:1098)
  rb_free_generic_ivar (variable.c:1274)
  rb_gc_obj_free_vm_weak_references (gc.c:2061)
  rb_gc_impl_shutdown_free_objects (default.c:2965)
  rb_objspace_free_objects (gc.c:1759)
  ruby_vm_destruct (vm.c:3209)
  rb_ec_cleanup (eval.c:263)
  ruby_run_node (eval.c:319)
  rb_main (main.c:42)
  main (main.c:62)

cc @byroot (Jean Boussier) since you did recent changes around the shape code.

I'm lacking knowledge to dig into this, so it may be a false positive (it uses https://github.com/Shopify/ruby_memcheck which does some heuristics). I confirmed that this happens locally on current ruby-dev when running bundle exec rake test:valgrind from ruby/prism.

Actions

Copy link

#1 [ruby-core:122193]

Updated by byroot (Jean Boussier) 7 days ago

I suspect it's caused by either a T_NONE or a T_IMEMO. I have a feature branch that ran into that issue I think and I haven't merged yet, but I could just cherry-pick that fix.

Actions

Copy link