Revision 641e3843

Added by nagachika (Tomoyuki Chikanaga) over 4 years ago

merge revision(s) 93faa011d393bb4b5cf31a0cbb46922f0a5e7cdc: [Backport #16151]

    Tag string shared roots to fix use-after-free

    The buffer deduplication codepath in rb_fstring can be used to free the buffer
    of shared string roots, which leads to use-after-free.

    Introduce a new flag to tag strings that at one point have been a shared root.
    Check for it in rb_fstring to avoid freeing buffers that are shared by
    multiple strings. This change is based on nobu's idea in [ruby-core:94838].

    The included test case tests for the sequence of calls to internal functions
    that lead to this bug. See attached ticket for Ruby level repros.

    [Bug #16151]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67804 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
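
The guard described in the commit message, sketched as a toy C model. This is an added example, not code from the Ruby source tree: `toy_str`, `toy_new`, `toy_share`, `toy_dedup` and the `owns_buf` / `was_shared_root` fields are hypothetical names standing in for the string object, buffer sharing, the deduplication path and the new flag.

```c
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* Toy model; every name here is hypothetical, not Ruby's internals. */
typedef struct toy_str {
    char *buf;             /* heap buffer holding the bytes */
    bool  owns_buf;        /* false when buf is borrowed from another string */
    bool  was_shared_root; /* sticky tag: buf was lent out at some point */
} toy_str;

static toy_str toy_new(const char *text) {
    toy_str s = { malloc(strlen(text) + 1), true, false };
    strcpy(s.buf, text);
    return s;
}
/* Borrow root's buffer and tag the root; the tag is never cleared. */
static toy_str toy_share(toy_str *root) {
    toy_str dep = { root->buf, false, false };
    root->was_shared_root = true;
    return dep;
}
/* Fold s onto canon's buffer. Returns 1 if s's own buffer was freed. */
static int toy_dedup(toy_str *s, const toy_str *canon) {
    if (strcmp(s->buf, canon->buf) != 0) return 0;
    /* The guard: a buffer that was ever lent out may still have borrowers. */
    if (!s->owns_buf || s->was_shared_root) return 0;
    free(s->buf);
    s->buf = canon->buf;
    s->owns_buf = false;
    return 1;
}
/* 1 when a tagged root keeps its buffer and its dependent stays valid. */
int tagged_root_survives(void) {
    toy_str canon = toy_new("key"), root = toy_new("key");
    toy_str dep = toy_share(&root);
    int freed = toy_dedup(&root, &canon);
    int ok = !freed && dep.buf == root.buf && strcmp(dep.buf, "key") == 0;
    free(root.buf); free(canon.buf);
    return ok;
}
/* 1 when a never-shared duplicate is folded onto the canonical buffer. */
int unshared_duplicate_folds(void) {
    toy_str canon = toy_new("key"), copy = toy_new("key");
    int ok = toy_dedup(&copy, &canon) == 1 && copy.buf == canon.buf;
    free(canon.buf);
    return ok;
}

int main(void) { return !(tagged_root_survives() && unshared_duplicate_folds()); }
```

The tag is sticky because this model, like the flag in the commit message, records only that the buffer was shared at some point, not whether borrowers still exist.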