[Bug #21357] Fix crash in Hash#merge with block#13404
Merged
mame merged 1 commit intoruby:masterfrom May 22, 2025
Merged
Conversation
9f65496 to
961ad14
Compare
Prior to ruby@49b306e the `optional_arg` passed from `rb_hash_update_block_i` to `tbl_update` was a hash value (i.e. a VALUE). After that commit it changed to an `update_call_args`. If the block sets or changes the value, `tbl_update_modify` will set the `arg.value` back to an actual value and we won't crash. But in the case where the block returns the original value we end up calling `RB_OBJ_WRITTEN` with the `update_call_args` which is not expected and may crash. `arg.value` appears to only be used to pass to `RB_OBJ_WRITTEN` (others who need the `update_call_args` get it from `arg.arg`), so I don't think it needs to be set to anything upfront. And `tbl_update_modify` will set the `arg.value` in the cases we need the write barrier.
961ad14 to
2ae28b0
Compare
mame
approved these changes
May 22, 2025
Member
mame
left a comment
There was a problem hiding this comment.
I have just written the same patch. I lost. Thanks!
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Prior to 49b306e the
optional_argpassed fromrb_hash_update_block_itotbl_updatewas a hash value (i.e. a VALUE). After that commit it changed to anupdate_call_args.If the block sets or changes the value,
tbl_update_modifywill set thearg.valueback to an actual value and we won't crash. But in the case where the block returns the original value we end up callingRB_OBJ_WRITTENwith theupdate_call_argswhich is not expected and may crash.arg.valueappears to only be used to pass toRB_OBJ_WRITTEN(others who need theupdate_call_argsget it fromarg.arg), so I don't think it needs to be set to anything upfront. Andtbl_update_modifywill set thearg.valuein the cases we need the write barrier.Bug #21357