Fixed allocation of CallFrame.scope in JITted code
Consider the following:

    def method_yield(arg)
      yield(6, 7)
    end

    50_000.times do
      shadow = 2
      method_yield([]) { |shadow, k| }
    end

In the { |shadow, k| } block of the below piece of code, machine_code->total_args (2) > machine_code_->number_of_locals (1). The JIT would allocate space for number_of_locals elements in the CallFrame.scope->locals_ array, but write total_args elements into the array, past the boundary of allocated memory. This showed up as an overwrite of the subsequent CallFrame object, corrupting its previous pointer and causing a segfault when GC attempted to walk back through callframes.
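The overrun the commit message describes, as an added toy model in C. This is not Rubinius's code and does not reproduce its real CallFrame or VariableScope layout: it assumes a word-sized arena holding one scope header word, then a `locals_` array sized by the allocation policy under test, then the next CallFrame, whose first word stands in for its `previous` pointer. `scope_slots_buggy` sizes `locals_` by number_of_locals alone (the pre-fix behaviour the message describes), `scope_slots_fixed` by the larger of number_of_locals and total_args, and `simulate_arg_copy` performs the total_args-element argument copy and reports whether the next frame's `previous` word survived. All names and the 2-args/1-local figures are taken from the message; the layout itself is a constructed assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model (constructed for illustration, NOT Rubinius's real layout).
 * The arena stands in for the JIT's frame memory: arena[0] is a scope
 * header word, arena[1..slots] is locals_, and the next CallFrame is
 * placed immediately after it; its first word plays the role of `previous`. */
#define ARENA_WORDS 64
#define PREVIOUS_SENTINEL ((uintptr_t)0xC0FFEE)

/* Buggy sizing: locals_ sized by number_of_locals only, ignoring total_args. */
size_t scope_slots_buggy(size_t number_of_locals, size_t total_args) {
    (void)total_args;
    return number_of_locals;
}

/* Fixed sizing: the argument copy writes total_args elements into locals_,
 * so the array must hold whichever of the two counts is larger. */
size_t scope_slots_fixed(size_t number_of_locals, size_t total_args) {
    return number_of_locals > total_args ? number_of_locals : total_args;
}

/* Lay out a scope with `slots` locals, put the next frame directly after it,
 * copy total_args arguments into locals_ the way the JIT does, and report
 * whether the next frame's previous word survived (1) or was clobbered (0).
 * Returns -1 if the request does not fit the toy arena, so the model itself
 * never writes out of bounds. */
int simulate_arg_copy(size_t slots, size_t total_args) {
    uintptr_t arena[ARENA_WORDS] = {0};
    size_t locals_base = 1;                   /* arena[0] is the scope header */
    size_t next_frame = locals_base + slots;  /* next CallFrame begins here   */
    size_t max_write = locals_base + (total_args > slots ? total_args : slots);

    if (max_write >= ARENA_WORDS) return -1;

    arena[0] = (uintptr_t)slots;
    arena[next_frame] = PREVIOUS_SENTINEL;    /* next frame's "previous" ptr  */

    /* The argument copy: total_args writes, regardless of how many slots
     * were actually allocated for locals_. */
    for (size_t i = 0; i < total_args; i++)
        arena[locals_base + i] = (uintptr_t)(i + 1);

    return arena[next_frame] == PREVIOUS_SENTINEL ? 1 : 0;
}

int main(void) {
    /* The { |shadow, k| } block from the commit message: 2 args, 1 local. */
    size_t number_of_locals = 1, total_args = 2;
    printf("buggy sizing: previous intact = %d\n",
           simulate_arg_copy(scope_slots_buggy(number_of_locals, total_args), total_args));
    printf("fixed sizing: previous intact = %d\n",
           simulate_arg_copy(scope_slots_fixed(number_of_locals, total_args), total_args));
    return 0;
}
```

With the buggy policy the second argument lands exactly on the next frame's first word, which is the corruption of `previous` the message attributes to the segfault during the GC walk; with the fixed policy the same copy stays inside `locals_`. The bounds check in `simulate_arg_copy` is there so the toy stays defined behaviour while it demonstrates an overrun.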
Showing 3 changed files with 12 additions and 3 deletions.