author | Alan Wu <XrXr@users.noreply.github.com> | 2024-02-13 12:51:36 -0500 |
---|---|---|
committer | Alan Wu <XrXr@users.noreply.github.com> | 2024-02-13 14:49:54 -0500 |
commit | 6261d4b4d8112a461ac5a383032490007f47029c (patch) | |
tree | f0aab4e74392d7971d170a72ccbad372846f6c4d /string.c | |
parent | 5add999deecaa51821a78d71db58a251862d55f4 (diff) | |
download | ruby-6261d4b4d8112a461ac5a383032490007f47029c.tar.gz |

Fix use-after-move in Symbol#inspect

The allocation could re-embed `orig_str` and invalidate the data
pointer from RSTRING_GETMEM() if the string is embedded.

Found on CI, where the test introduced in 7002e776944 ("Fix
Symbol#inspect for GC compaction") recently failed.

See: <https://github.com/ruby/ruby/actions/runs/7880657560/job/21503019659>

Diffstat (limited to 'string.c')
-rw-r--r-- | string.c | 6 |
1 files changed, 4 insertions, 2 deletions
@@ -11740,11 +11740,13 @@ sym_inspect(VALUE sym) } else { rb_encoding *enc = STR_ENC_GET(str); - VALUE orig_str = str; - RSTRING_GETMEM(orig_str, ptr, len); + len = RSTRING_LEN(orig_str); str = rb_enc_str_new(0, len + 1, enc); + + // Get data pointer after allocation + ptr = RSTRING_PTR(orig_str); dest = RSTRING_PTR(str); memcpy(dest + 1, ptr, len); |
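
Review bot: The new comment above `ptr = RSTRING_PTR(orig_str);` says when the pointer is read but not why, and the ordering is the whole fix. Suggest wording it along the lines of "rb_enc_str_new() may allocate and re-embed orig_str, so read its data pointer only after the allocation", so that a later cleanup does not fold `len = RSTRING_LEN(orig_str);` and the pointer read back into a single RSTRING_GETMEM() call ahead of `rb_enc_str_new(0, len + 1, enc)`. The same constraint holds for everything between the `ptr`/`dest` reads and `memcpy(dest + 1, ptr, len);`: both are raw pointers into string storage, so no allocating call should be introduced between those lines. The visible context ends at the memcpy, so it is worth confirming that `orig_str` is still referenced (or guarded) after the last use of `ptr`.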