Bug #21266
closed
YJIT GC safety crash with proc objects as block argument
Description
# Run with --yjit-call-threshold=1
def foo(args) = bar(*args, &proc { _1 })
def bar(_, _, _, _, *rest) = yield rest
GC.stress = true
foo([1,2,3,4])
foo([1,2,3,4])
The proc in these calls gets collected on the yield to the GC to allocate the rest parameter array.
../vm_core.h:1668: Assertion Failed: vm_block_handler_type:rb_obj_is_proc(block_handler)
Or in release builds:
../test.rb:1: [BUG] Segmentation fault at 0x0000000000000020
ruby 3.3.6 (2024-11-05 revision 75015d4c1f) +YJIT [arm64-darwin24]
-- C level backtrace information -------------------------------------------
/Users/alan/.rubies/ruby-3.3.6/bin/ruby(rb_vm_bugreport+0xb4c) [0x104595590]
/Users/alan/.rubies/ruby-3.3.6/bin/ruby(rb_bug_for_fatal_signal+0x100) [0x1043d6120]
/Users/alan/.rubies/ruby-3.3.6/bin/ruby(sig_do_nothing+0x0) [0x1044fc4b0]
/usr/lib/system/libsystem_platform.dylib(_sigtramp+0x38) [0x187572de4]
/Users/alan/.rubies/ruby-3.3.6/bin/ruby(rb_vm_invokeblock+0x144) [0x10456b004]
Updated by hsbt (Hiroshi SHIBATA) 8 months ago
- Status changed from Open to Assigned
Updated by rwstauner (Randy Stauner) 24 days ago
- Status changed from Assigned to Closed
Applied in changeset git|9168cad4d63a5d281d443bde4edea6be213b0b25.
YJIT: Bail out if proc would be stored above stack top
Fixes [Bug #21266].
Updated by k0kubun (Takashi Kokubun) 23 days ago
- Backport changed from 3.2: DONTNEED, 3.3: REQUIRED, 3.4: REQUIRED to 3.2: DONTNEED, 3.3: REQUIRED, 3.4: DONE
ruby_3_4 d8f087b581735ec250b8671c3574fa4d5b16ae54 merged revision(s) 9168cad4d63a5d281d443bde4edea6be213b0b25.
Updated by rwstauner (Randy Stauner) 20 days ago
Backport PR for 3.3: https://github.com/ruby/ruby/pull/15657
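A regression check built from the reproducer in the description, added here as an example (not code from the ticket or from the Ruby project): it runs the script in a child process under a chosen ruby binary and classifies the result using the two crash signatures quoted above. The names `classify` and `check_build` and the trailing status lines in the child script are assumptions of this example.

```ruby
require "open3"

# Reproducer from the bug description. The last two lines are added by this
# example so the parent can tell a clean run from a run where YJIT was not active.
REPRO = <<~'RUBY'
  def foo(args) = bar(*args, &proc { _1 })
  def bar(_, _, _, _, *rest) = yield rest
  GC.stress = true
  foo([1,2,3,4])
  foo([1,2,3,4])
  yjit = (defined?(RubyVM::YJIT)) ? RubyVM::YJIT.enabled? : false
  print "done yjit=#{yjit}"
RUBY

# Map the child's output and exit state to a verdict.
# Crash signatures are checked first because a [BUG] report also aborts the process.
def classify(stdout, stderr, exited_ok, signaled)
  return :assertion_failed if stderr.include?("Assertion Failed")
  return :segfault if stderr.include?("[BUG] Segmentation fault")
  return :crashed if signaled || !exited_ok
  # A clean exit proves nothing if the JIT never ran.
  return :yjit_not_active unless stdout.include?("yjit=true")
  :ok
end

# Run the reproducer under the given ruby binary with the call threshold the
# report specifies. A child process keeps a crash away from the checker itself.
def check_build(ruby)
  out, err, status = Open3.capture3(
    ruby, "--yjit", "--yjit-call-threshold=1", "-e", REPRO
  )
  classify(out, err, status.success? == true, status.signaled?)
end

# Usage: ruby check_21266.rb /path/to/ruby
puts check_build(ARGV[0]) if ARGV[0]
```

A result of `:yjit_not_active` means the binary was built without YJIT or the JIT did not start, so the run says nothing about whether the fix is present.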