YJIT: Fix gen_expandarray treating argument as VALUE - ruby.git

diff options

author	Alan Wu <XrXr@users.noreply.github.com>	2022-10-20 16:45:24 -0400
committer	Alan Wu <XrXr@users.noreply.github.com>	2022-10-20 18:12:15 -0400
commit	39f7eddec4c55711d56f05b085992a83bf23159e (patch)
tree	e671ea20ff3d42a557f8c992e257ac9370ae6e50 /test/ruby/test_autoload.rb
parent	2930302244037b0b08da65176eb725541b3ef800 (diff)
download	ruby-39f7eddec4c55711d56f05b085992a83bf23159e.tar.gz

YJIT: Fix gen_expandarray treating argument as VALUE

The expandarray instruction interpreters its arguments as rb_num_t. YJIT was treating the num argument as a VALUE previously and when it has a certain bit pattern, it can look like a GC pointer. The argument is not a pointer, so YJIT crashed when trying to mark those pointers. This bug existed previously, but our test suite didn't expose it until f55212bce939f736559709a8cd16c409772389c8. TestArgf#test_to_io has a line like: a1, a2, a3, a4, a5, a6, a7, a8 = array Which maps to an expandarray with an argument of 8. Qnil happened to be defined as 8, which masked the issue. Fix it by not using the argument as a VALUE.

Diffstat (limited to 'test/ruby/test_autoload.rb')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: