From: "byroot (Jean Boussier) via ruby-core" <ruby-core@...>
Date: 2023-03-14T07:42:51+00:00
Subject: [ruby-core:112871] [Ruby master Bug#19529] [BUG] ObjectSpace::WeakMap can segfault after compaction

Issue #19529 has been reported by byroot (Jean Boussier).

----------------------------------------
Bug #19529: [BUG] ObjectSpace::WeakMap can segfault after compaction
https://bugs.ruby-lang.org/issues/19529

* Author: byroot (Jean Boussier)
* Status: Open
* Priority: Normal
* ruby -v: 3.2.1, 2.7.5p203
* Backport: 2.7: WONTFIX, 3.0: REQUIRED, 3.1: REQUIRED, 3.2: REQUIRED
----------------------------------------
Reproduction script:

```ruby
wm = ObjectSpace::WeakMap.new
obj = Object.new
100.times do |i|
  GC.compact
  wm[i] = obj #  [BUG] Segmentation fault at 0x0000000000000001
end
```

Crash report:

```
/tmp/weakmap.rb:5: [BUG] Segmentation fault at 0x0000000000000003
ruby 3.2.1 (2023-02-08 revision 31819e82c8) [arm64-darwin22]

-- Crash Report log information --------------------------------------------
   See Crash Report log file in one of the following locations:             
     * ~/Library/Logs/DiagnosticReports                                     
     * /Library/Logs/DiagnosticReports                                      
   for more details.                                                        
Don't forget to include the above Crash Report log file in bug reports.     

-- Control frame information -----------------------------------------------
c:0005 p:---- s:0023 e:000022 CFUNC  :[]=
c:0004 p:0016 s:0017 e:000015 BLOCK  /tmp/weakmap.rb:5 [FINISH]
c:0003 p:---- s:0012 e:000011 CFUNC  :times
c:0002 p:0017 s:0008 E:0025b0 EVAL   /tmp/weakmap.rb:3 [FINISH]
c:0001 p:0000 s:0003 E:0010b0 DUMMY  [FINISH]

-- Ruby level backtrace information ----------------------------------------
/tmp/weakmap.rb:3:in `<main>'
/tmp/weakmap.rb:3:in `times'
/tmp/weakmap.rb:5:in `block in <main>'
/tmp/weakmap.rb:5:in `[]='

-- Machine register context ------------------------------------------------
  x0: 0x000000016da8a6b0  x1: 0x000000016da8a6a8  x2: 0x000000000000003d
  x3: 0x0000000000000001  x4: 0x0000000000000000  x5: 0x0000000000000b00
  x6: 0x0000600002db4b00  x7: 0x0000000000000000 x18: 0x0000000000000000
 x19: 0x000000016da8a6a8 x20: 0x000000000000003d x21: 0x0000000000000003
 x22: 0x0000000000000001 x23: 0x00000001023df7b8 x24: 0x0000000000000001
 x25: 0x0000000000000000 x26: 0x00006000027bdf80 x27: 0xffffffffffffffff
 x28: 0xffffffffffffffff  lr: 0x0000000102ca28f0  fp: 0x000000016da8a680
  sp: 0x000000016da8a640

-- C level backtrace information -------------------------------------------
/opt/rubies/3.2.1/lib/libruby.3.2.dylib(rb_vm_bugreport+0x9a0) [0x102d3ba98]
/opt/rubies/3.2.1/lib/libruby.3.2.dylib(rb_bug_for_fatal_signal+0x160) [0x102b5fe14]
/opt/rubies/3.2.1/lib/libruby.3.2.dylib(sig_do_nothing+0x0) [0x102c9a354]
/usr/lib/system/libsystem_platform.dylib(_sigtramp+0x38) [0x19b63c2a4]
/opt/rubies/3.2.1/lib/libruby.3.2.dylib(rb_st_update+0x328) [0x102ca28f0]
/opt/rubies/3.2.1/lib/libruby.3.2.dylib(rb_st_update+0x328) [0x102ca28f0]
/opt/rubies/3.2.1/lib/libruby.3.2.dylib(wmap_aset+0x90) [0x102b88e9c]
/opt/rubies/3.2.1/lib/libruby.3.2.dylib(vm_call_cfunc_with_frame+0xe8) [0x102d2fc7c]
/opt/rubies/3.2.1/lib/libruby.3.2.dylib(vm_sendish+0x4cc) [0x102d31fdc]
/opt/rubies/3.2.1/lib/libruby.3.2.dylib(vm_exec_core+0x239c) [0x102d136c8]
/opt/rubies/3.2.1/lib/libruby.3.2.dylib(rb_vm_exec+0xad4) [0x102d26bf0]
/opt/rubies/3.2.1/lib/libruby.3.2.dylib(invoke_block_from_c_bh+0x398) [0x102d36438]
/opt/rubies/3.2.1/lib/libruby.3.2.dylib(rb_yield_1+0x7c) [0x102d1f208]
/opt/rubies/3.2.1/lib/libruby.3.2.dylib(int_dotimes+0x148) [0x102bff3ec]
/opt/rubies/3.2.1/lib/libruby.3.2.dylib(vm_call_cfunc_with_frame+0xe8) [0x102d2fc7c]
/opt/rubies/3.2.1/lib/libruby.3.2.dylib(vm_sendish+0x4cc) [0x102d31fdc]
/opt/rubies/3.2.1/lib/libruby.3.2.dylib(vm_exec_core+0x2350) [0x102d1367c]
/opt/rubies/3.2.1/lib/libruby.3.2.dylib(rb_vm_exec+0xad4) [0x102d26bf0]
/opt/rubies/3.2.1/lib/libruby.3.2.dylib(rb_ec_exec_node+0x12c) [0x102b6b4ac]
/opt/rubies/3.2.1/lib/libruby.3.2.dylib(ruby_run_node+0x60) [0x102b6b318]
/opt/rubies/3.2.1/bin/ruby(main+0x68) [0x102377f34]
```

Seems to happens since 2.7.



-- 
https://bugs.ruby-lang.org/
 ______________________________________________
 ruby-core mailing list -- ruby-core@ml.ruby-lang.org
 To unsubscribe send an email to ruby-core-leave@ml.ruby-lang.org
 ruby-core info -- https://ml.ruby-lang.org/mailman3/postorius/lists/ruby-core.ml.ruby-lang.org/