Bug #9011

rb_fstring unsafe to use in general case

Added by Eric Wong 6 months ago. Updated 6 months ago.

[ruby-core:57794]
Status: Closed
Priority: Normal
Assignee: -
Category: -
Target version: -
ruby -v: trunk
Backport: 1.9.3: UNKNOWN, 2.0.0: UNKNOWN

Description

I don't think the current "frozen"f in pure Ruby code is unsafe
(I haven't reproduced a crash).

But I do not think rb_fstring is generally safe for other C code, including extension authors.

Consider the following case:

    fstr1 = rb_fstring(str)
    fstr1 goes out of scope
    GC mark runs ...
    fstr1 is eligible for lazy sweep
    fstr2 = rb_fstring(str)
    fstr2 is identical to fstr1
    fstr1 is swept (rb_str_free)
    fstr2 use attempted -> crash

I extracted this bug report from Feature #8998, where I showed a patch
which exposes this bug during "make check".
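The interleaving in the description above, replayed in a small constructed model; this is an added example, not code from Ruby or from r43210. The heap, the weak table, `intern`, `replay` and the `guard` check are hypothetical names, and the guard is only one possible defence, assumed here for illustration.

```c
#include <string.h>

/* Constructed toy model, not Ruby's GC: "freed" stands in for rb_str_free
 * so the stale pointer can be observed without touching freed memory. */
enum { NOBJ = 8 };
typedef struct { const char *s; int live, marked, freed; } obj_t;
static obj_t heap[NOBJ];
static obj_t *interned[NOBJ];   /* weak table: its entries are not GC roots */
static int sweep_pending;       /* mark finished, lazy sweep not yet run */

static obj_t *new_obj(const char *s) {   /* born while a sweep is pending: start marked */
    for (int i = 0; i < NOBJ; i++)
        if (!heap[i].live) { heap[i] = (obj_t){ s, 1, sweep_pending, 0 }; return &heap[i]; }
    return NULL;
}
static void gc_mark(obj_t **roots, int n) {   /* only roots survive */
    for (int i = 0; i < NOBJ; i++) heap[i].marked = 0;
    for (int i = 0; i < n; i++) roots[i]->marked = 1;
    sweep_pending = 1;
}
static void gc_lazy_sweep(void) {
    for (int i = 0; i < NOBJ; i++)
        if (heap[i].live && !heap[i].marked) { heap[i].live = 0; heap[i].freed = 1; }
    for (int i = 0; i < NOBJ; i++)
        if (interned[i] && interned[i]->freed) interned[i] = NULL;
    sweep_pending = 0;
}
/* guard == 0: return whatever the table holds (the behaviour in the report).
 * guard == 1: treat an unmarked entry as already dead and replace it. */
static obj_t *intern(const char *s, int guard) {
    int slot = -1;
    for (int i = 0; i < NOBJ; i++) {
        obj_t *o = interned[i];
        if (!o) { if (slot < 0) slot = i; continue; }
        if (strcmp(o->s, s) != 0) continue;
        if (guard && sweep_pending && !o->marked) { slot = i; break; }
        return o;
    }
    return slot < 0 ? NULL : (interned[slot] = new_obj(s));
}
/* Replays the sequence from the report; returns 1 if fstr2 ends up freed. */
static int replay(int guard) {
    memset(heap, 0, sizeof heap); memset(interned, 0, sizeof interned);
    sweep_pending = 0;
    intern("str", guard);                  /* fstr1, then it goes out of scope */
    gc_mark(NULL, 0);                      /* fstr1 now eligible for lazy sweep */
    obj_t *fstr2 = intern("str", guard);   /* unguarded: same object as fstr1 */
    gc_lazy_sweep();                       /* fstr1 is swept */
    return fstr2->freed;
}
int main(void) { return !(replay(0) == 1 && replay(1) == 0); }
```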

History

#1 Updated by Koichi Sasada 6 months ago

Nobu's patch r43210 may solve this problem. Could you verify it?

BTW, I don't like this fix. I'll try to fix it another way.

#2 Updated by Eric Wong 6 months ago

"ko1 (Koichi Sasada)" <redmine@ruby-lang.org> wrote:

> Nobu's patch r43210 may solve this problem. Could you verify it?

Thanks, I did not think to update my repo :x
Anyways, r43210 works fine.

> BTW, I don't like this fix. I'll try to fix it another way.

I'm not sure why you don't like it, but I'll be glad to test your fix.

#3 Updated by Nobuyoshi Nakada 6 months ago

  • Status changed from Open to Closed
