authorAaron Patterson <tenderlove@ruby-lang.org>2020-09-25 15:01:23 -0700
committerAaron Patterson <aaron.patterson@gmail.com>2020-09-28 08:20:23 -0700
commitb9488accf9e2cbf5f7c47b42b3eb23469f0aa58d (patch)
treed7c1cf60907100f903c06ff12e2918b77b9961db
parentb328b830264408b467a5c904a474e7112c5d678c (diff)
downloadruby-b9488accf9e2cbf5f7c47b42b3eb23469f0aa58d.tar.gz
Fix ASAN support when invalidating CCs
Again, this code is walking the heap. Empty slots can be poisoned, so we need to unpoison before checking the type
-rw-r--r--ext/objspace/objspace.c4
-rw-r--r--vm.c1
-rw-r--r--vm_method.c5
3 files changed, 8 insertions, 2 deletions
diff --git a/ext/objspace/objspace.c b/ext/objspace/objspace.c
index 074dfbdc95..d35bd80b7b 100644
--- a/ext/objspace/objspace.c
+++ b/ext/objspace/objspace.c
@@ -59,7 +59,7 @@ total_i(void *vstart, void *vend, size_t stride, void *ptr)
struct total_data *data = (struct total_data *)ptr;
for (v = (VALUE)vstart; v != (VALUE)vend; v += stride) {
- void *ptr = asan_poisoned_object_p(v);
+ void *poisoned = asan_poisoned_object_p(v);
asan_unpoison_object(v, false);
if (RBASIC(v)->flags) {
@@ -77,7 +77,7 @@ total_i(void *vstart, void *vend, size_t stride, void *ptr)
}
}
- if (ptr) {
+ if (poisoned) {
asan_poison_object(v);
}
}
diff --git a/vm.c b/vm.c
index 076bbbe3d8..1b8b5483aa 100644
--- a/vm.c
+++ b/vm.c
@@ -25,6 +25,7 @@
#include "internal/re.h"
#include "internal/symbol.h"
#include "internal/vm.h"
+#include "internal/sanitizers.h"
#include "iseq.h"
#include "mjit.h"
#include "ruby/st.h"
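Review bot: The new `#include "internal/sanitizers.h"` sits after `internal/vm.h`, out of the alphabetical order the neighbouring `internal/*.h` includes follow; it would read better between `internal/re.h` and `internal/symbol.h`. The asan_* calls this commit adds are in vm_method.c, which gains no include of its own, so presumably that file is compiled as part of vm.c. A trailing comment such as `/* asan_* helpers used by invalidate_all_cc in vm_method.c */` would keep a later cleanup from dropping the include as unused.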
diff --git a/vm_method.c b/vm_method.c
index de48dc65a2..47ad040914 100644
--- a/vm_method.c
+++ b/vm_method.c
@@ -240,6 +240,8 @@ invalidate_all_cc(void *vstart, void *vend, size_t stride, void *data)
{
VALUE v = (VALUE)vstart;
for (; v != (VALUE)vend; v += stride) {
+ void *ptr = asan_poisoned_object_p(v);
+ asan_unpoison_object(v, false);
if (RBASIC(v)->flags) { // liveness check
if (RB_TYPE_P(v, T_CLASS) ||
RB_TYPE_P(v, T_ICLASS)) {
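Review bot: The saved poison state is named `ptr` here, while the objspace.c hunks of this same commit rename the identical local in total_i from `ptr` to `poisoned`; the two heap walkers should use the same name. I would write `void *poisoned = asan_poisoned_object_p(v);` here and `if (poisoned) {` in the following hunk. A one-line comment above the pair, e.g. `/* free slots may be ASAN-poisoned; unpoison before reading flags */`, would record why the liveness check needs it. The loop body continues outside this hunk.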
@@ -249,6 +251,9 @@ invalidate_all_cc(void *vstart, void *vend, size_t stride, void *data)
RCLASS_CC_TBL(v) = NULL;
}
}
+ if (ptr) {
+ asan_poison_object(v);
+ }
}
return 0; // continue to iteration
}
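Review bot: The re-poison under `if (ptr)` restores the slot only if control reaches the bottom of the loop body, and the middle of that body lies outside the hunk, so I cannot confirm that no path skips it. If a `continue` were ever added above it, a free slot would stay unpoisoned and ASAN would stop flagging stray accesses to that slot. A comment such as `/* must stay the last statement in the loop: restores poison on free slots */` would guard the invariant.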