Fix use-after-move in Symbol#inspect

The allocation could re-embed `orig_str` and invalidate the data pointer from RSTRING_GETMEM() if the string is embedded. Found on CI, where the test introduced in 7002e776944 ("Fix Symbol#inspect for GC compaction") recently failed. See: <https://github.com/ruby/ruby/actions/runs/7880657560/job/21503019659>
author: Alan Wu <XrXr@users.noreply.github.com> 2024-02-13 12:51:36 -0500
committer: Alan Wu <XrXr@users.noreply.github.com> 2024-02-13 14:49:54 -0500
commit: 6261d4b4d8112a461ac5a383032490007f47029c (patch)
tree: f0aab4e74392d7971d170a72ccbad372846f6c4d /string.c
parent: 5add999deecaa51821a78d71db58a251862d55f4 (diff)
download: ruby-6261d4b4d8112a461ac5a383032490007f47029c.tar.gz
1 files changed, 4 insertions, 2 deletions
diff --git a/string.c b/string.c
index 83be7d166b..4fc6ad8e31 100644
--- a/string.c
+++ b/string.c
@@ -11740,11 +11740,13 @@ sym_inspect(VALUE sym)
     }
     else {
         rb_encoding *enc = STR_ENC_GET(str);
-
         VALUE orig_str = str;
-        RSTRING_GETMEM(orig_str, ptr, len);
 
+        len = RSTRING_LEN(orig_str);
         str = rb_enc_str_new(0, len + 1, enc);
+
+        // Get data pointer after allocation
+        ptr = RSTRING_PTR(orig_str);
         dest = RSTRING_PTR(str);
         memcpy(dest + 1, ptr, len);
author	Alan Wu <XrXr@users.noreply.github.com>	2024-02-13 12:51:36 -0500
committer	Alan Wu <XrXr@users.noreply.github.com>	2024-02-13 14:49:54 -0500
commit	6261d4b4d8112a461ac5a383032490007f47029c (patch)
tree	f0aab4e74392d7971d170a72ccbad372846f6c4d /string.c
parent	5add999deecaa51821a78d71db58a251862d55f4 (diff)
download	ruby-6261d4b4d8112a461ac5a383032490007f47029c.tar.gz