From: "nobu (Nobuyoshi Nakada)" <nobu@...>
Date: 2013-10-20T18:12:15+09:00
Subject: [ruby-core:57946] [ruby-trunk - Bug #9011][Closed] rb_fstring	unsafe to use in general case


Issue #9011 has been updated by nobu (Nobuyoshi Nakada).

Status changed from Open to Closed


----------------------------------------
Bug #9011: rb_fstring unsafe to use in general case
https://bugs.ruby-lang.org/issues/9011#change-42525

Author: normalperson (Eric Wong)
Status: Closed
Priority: Normal
Assignee: 
Category: 
Target version: 
ruby -v: trunk
Backport: 1.9.3: UNKNOWN, 2.0.0: UNKNOWN


I don't think the current "frozen"f in pure Ruby code is unsafe
(I haven't reproduced a crash)

But I do not think rb_fstring is generally safe for other C code, including extension authors

Consider the following case:

        fstr1 = rb_fstring(str)
        fstr1 goes out of scope
        GC mark runs ...
        fstr1 is eligible for lazy sweep
        fstr2 = rb_fstring(str)
        fstr2 is identical to fstr1
        fstr1 is swept (rb_str_free)
        fstr2 use attempted -> crash

I extracted this bug report from Feature #8998, where I showed a patch
which exposes this bug during "make check"



-- 
http://bugs.ruby-lang.org/