From: "alanwu (Alan Wu) via ruby-core" Date: 2025-11-08T20:31:21+00:00 Subject: [ruby-core:123735] [Ruby Bug#21655] segfault when building 3.3.10, regression from 3.3.9 Issue #21655 has been updated by alanwu (Alan Wu). Status changed from Open to Third Party's Issue Thanks, I was able to repro this locally. I confirmed that it's a miscompilation, ran reduction and sent a GCC bug report https://gcc.gnu.org/bugzilla/show_bug.cgi?id=122610 The following workaround fixes the build for me: ```patch diff --git a/include/ruby/internal/core/rstring.h b/patched-rstring.h index 9cf9daa..d76ba9c 100644 --- a/include/ruby/internal/core/rstring.h +++ b/patched-rstring.h 
@@ -415,7 +415,9 @@ RBIMPL_ATTR_ARTIFICIAL() static inline char * RSTRING_PTR(VALUE str) { - char *ptr = rbimpl_rstring_getmem(str).as.heap.ptr; + char *ptr = RB_FL_TEST_RAW(str, RSTRING_NOEMBED) ? + RSTRING(str)->as.heap.ptr : + RSTRING(str)->as.embed.ary; if (RUBY_DEBUG && RB_UNLIKELY(! ptr)) { /* :BEWARE: @shyouhei thinks that currently, there are rooms for this ``` It fixes this particular instance, but with an optimizer bug in play, who knows where else we're hitting it. To dodge the bug, maybe all usages of rbimpl_rstring_getmem() need to be rewritten. I'll defer to @nagachia whether we want to apply a workaround for ruby_3_3. This shows up as a miscompilation of str_buf_cat4(), particularly this part: ```c RESIZE_CAPA_TERM(str, capa, termlen); sptr = RSTRING_PTR(str); ``` GCC deletes the RSTRING_PTR() reload in case the string grows and turns from embedded to heap. The memcpy afterwards using the stale sptr then stomps on the newly allocated pointer. ---------------------------------------- Bug #21655: segfault when building 3.3.10, regression from 3.3.9 https://bugs.ruby-lang.org/issues/21655#change-115123 * Author: kurly (Greg Kubaryk) * Status: Third Party's Issue * ruby -v: ruby 3.3.10 (2025-10-23 revision 343ea05002) [x86_64-linux] * Backport: 3.2: UNKNOWN, 3.3: UNKNOWN, 3.4: UNKNOWN ---------------------------------------- ref downstream bug https://bugs.gentoo.org/965095 - reporting upstream because I was able to reproduce the problem from ruby-3.3.10.tar.xz manually build log excerpt; the rest will be provided as an attachment ``` gcc -O2 -pipe -march=amdfam10 -L. 
-fstack-protector-strong -rdynamic -Wl,-export-dynamic -fstack-protector-strong -pie main.o dmydln.o miniinit.o dmyext.o array.o ast.o bignum.o class.o compar.o compile.o complex.o cont.o debug.o debug_counter.o dir.o dln_find.o encoding.o enum.o enumerator.o error.o eval.o file.o gc.o hash.o inits.o io.o io_buffer.o iseq.o load.o marshal.o math.o memory_view.o rjit.o rjit_c.o node.o node_dump.o numeric.o object.o pack.o parse.o parser_st.o proc.o process.o ractor.o random.o range.o rational.o re.o regcomp.o regenc.o regerror.o regexec.o regparse.o regsyntax.o ruby.o ruby_parser.o scheduler.o shape.o signal.o sprintf.o st.o strftime.o string.o struct.o symbol.o thread.o time.o transcode.o util.o variable.o version.o vm.o vm_backtrace.o vm_dump.o vm_sync.o vm_trace.o weakmap.o prism/api_node.o prism/api_pack.o prism/diagnostic.o prism/encoding.o prism/extension.o prism/node.o prism/options.o prism/pack.o prism/prettyprint.o prism/regexp.o prism/serialize.o prism/token_type.o prism/util/pm_buffer.o prism/util/pm_char.o prism/util/pm_constant_pool.o prism/util/pm_list.o prism/util/pm_memchr.o prism/util/pm_newline_list.o prism/util/pm_state_stack.o prism/util/pm_string.o prism/util/pm_string_list.o prism/util/pm_strncasecmp.o prism/util/pm_strpbrk.o prism/prism.o prism_init.o yjit.o yjit/target/release/libyjit.o coroutine/amd64/Context.o enc/ascii.o enc/us_ascii.o enc/unicode.o enc/utf_8.o enc/trans/newline.o setproctitle.o addr2line.o -lz -lrt -lrt -lgmp -ldl -lcrypt -lm -lpthread -o miniruby : ./miniruby -I./lib -I. 
-I.ext/common ./tool/generic_erb.rb -o builtin_binary.inc \ ./template/builtin_binary.inc.tmpl make: *** [uncommon.mk:1316: builtin_binary.inc] Segmentation fault (core dumped) ``` ---Files-------------------------------- buildlog (76.5 KB)
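
Review bot: The replacement lines in RSTRING_PTR() (`char *ptr = RB_FL_TEST_RAW(str, RSTRING_NOEMBED) ? ...`) have no comment saying that they deliberately bypass rbimpl_rstring_getmem() because of the GCC miscompilation reported at https://gcc.gnu.org/bugzilla/show_bug.cgi?id=122610, so a later cleanup could fold them back into the helper and bring the crash back; add a short comment above the ternary that names the GCC bug. The diff header also pairs a/include/ruby/internal/core/rstring.h with b/patched-rstring.h, so the patch is worth regenerating with the in-tree path on both sides before it is used as a ruby_3_3 backport.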
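
The stale-pointer hazard described in the message above, as an added example that is not part of the original e-mail or of Ruby's source. It uses a constructed small-string model (`struct mstr`, `mstr_ptr`, `mstr_resize`, `mstr_cat` and `EMBED_CAPA` are hypothetical names) to show why the buffer pointer has to be reloaded after a resize that moves the data from the embedded buffer to the heap.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model, not Ruby's struct RString: short strings live in
 * `embed`, long ones in a heap buffer, and both share one union. */
enum { EMBED_CAPA = 16 };
struct mstr {
    int noembed;                 /* stands in for the RSTRING_NOEMBED flag */
    size_t len;
    union { struct { char *ptr; size_t capa; } heap; char embed[EMBED_CAPA]; } as;
};

/* Same shape as the workaround: choose the buffer by testing the flag. */
static char *mstr_ptr(struct mstr *s) {
    return s->noembed ? s->as.heap.ptr : s->as.embed;
}

/* Make room for `capa` bytes plus a terminator; may switch embed -> heap. */
static int mstr_resize(struct mstr *s, size_t capa) {
    if (capa <= (s->noembed ? s->as.heap.capa : (size_t)EMBED_CAPA - 1)) return 0;
    char *p = s->noembed ? realloc(s->as.heap.ptr, capa + 1) : malloc(capa + 1);
    if (!p) return -1;
    if (!s->noembed) memcpy(p, s->as.embed, s->len + 1); /* copy before the union is reused */
    s->as.heap.ptr = p;          /* overwrites bytes the embed buffer occupied */
    s->as.heap.capa = capa;
    s->noembed = 1;
    return 0;
}

/* Append n bytes. Returns 1 if the buffer moved during resize, 0 if not, -1 on error. */
static int mstr_cat(struct mstr *s, const char *src, size_t n) {
    uintptr_t before = (uintptr_t)mstr_ptr(s);
    if (mstr_resize(s, s->len + n) < 0) return -1;
    char *sptr = mstr_ptr(s);    /* reload: the old address may now hold heap.ptr */
    memcpy(sptr + s->len, src, n);
    s->len += n;
    sptr[s->len] = '\0';
    return (uintptr_t)sptr != before;
}

int main(void) {
    struct mstr s = { .len = 5, .as.embed = "hello" };
    int moved = mstr_cat(&s, ", world and more text", 21);
    printf("%s (moved=%d)\n", mstr_ptr(&s), moved);
    if (s.noembed) free(s.as.heap.ptr);
    return moved == 1 ? 0 : 1;
}
```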