From: nobu@...
Date: 2014-09-13T01:29:05+00:00
Subject: [ruby-core:65011] [ruby-trunk - Bug #10206] [Closed] garbage symbols crash symbol GC

Issue #10206 has been updated by Nobuyoshi Nakada.

Status changed from Open to Closed
% Done changed from 0 to 100

Applied in changeset r47569.

----------
parse.y: intern_cstr

* parse.y (intern_cstr): remove `_without_pindown` suffix and use
  rb_intern3() as well as RIPPER, for the time being.
  [ruby-core:65009] [Bug #10206]

----------------------------------------
Bug #10206: garbage symbols crash symbol GC
https://bugs.ruby-lang.org/issues/10206#change-48884

* Author: Eric Wong
* Status: Closed
* Priority: Normal
* Assignee: Koichi Sasada
* Category: core
* Target version: current: 2.2.0
* ruby -v: trunk
* Backport: 2.0.0: UNKNOWN, 2.1: UNKNOWN
----------------------------------------
This is reproducible with just a test loop running for several minutes/hours:

    while make test-all TESTS=-j8; do :; done

It looks like SYM2ID/rb_sym2id interacts badly with dsymbol_check
when it encounters garbage objects.  dsymbol_check replaces an invalid
object and returns a new object for the caller, but the original arg
for SYM2ID remains usable to the caller:

    id = SYM2ID(garbage_sym);
    do_something(garbage_sym); /* bad invalid object used */

Changing: rb_sym2id(VALUE) to rb_sym2id(VALUE *) might solve the issue,
but introduces many incompatibilities in existing code:

    id = rb_sym2id(&garbage_sym);
    do_something(garbage_sym); /* id == garbage_sym, safe to use */

ref: ruby-core thread starting at [ruby-core:64671]

backtraces:
http://80x24.org/r35240/rb-dump.txt
http://80x24.org/r35240/gdb-bt.txt

-- 
https://bugs.ruby-lang.org/
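
The by-value versus by-pointer behaviour described in the report, as a simplified model added here; it is not Ruby's source and not part of the original message. `handle_t`, `sym_check`, `sym2id_by_value` and `sym2id_by_ref` are hypothetical names standing in for VALUE, dsymbol_check and the two rb_sym2id signatures.

```c
#include <stdio.h>

/* Simplified model (assumption, not Ruby internals): a symbol is a handle
 * into a small table; live == 0 stands for a garbage dynamic symbol. */
typedef unsigned handle_t;
typedef struct { int live; unsigned id; } sym_entry;

static sym_entry table[16];          /* large enough for this demo only */
static handle_t next_slot;
static unsigned next_id = 100;

static handle_t sym_new(void) {
    table[next_slot] = (sym_entry){ 1, next_id++ };
    return next_slot++;
}

/* Models the check in the report: a dead entry is replaced by a fresh
 * one and the new handle is returned to the caller. */
static handle_t sym_check(handle_t h) {
    return table[h].live ? h : sym_new();
}

/* By-value lookup: the replacement handle is used internally and lost. */
static unsigned sym2id_by_value(handle_t h) { return table[sym_check(h)].id; }

/* By-pointer lookup: the replacement handle is written back to the caller. */
static unsigned sym2id_by_ref(handle_t *h) {
    *h = sym_check(*h);
    return table[*h].id;
}

static handle_t make_garbage(void) {
    handle_t h = sym_new();
    table[h].live = 0;               /* models the collector reclaiming it */
    return h;
}

/* 1 if the caller's handle names a live entry that matches the id. */
static int consistent(handle_t h, unsigned id) {
    return table[h].live && table[h].id == id;
}

int demo_by_value(void) {            /* caller keeps the dead handle */
    handle_t sym = make_garbage();
    return consistent(sym, sym2id_by_value(sym));
}

int demo_by_ref(void) {              /* caller's handle is repaired */
    handle_t sym = make_garbage();
    unsigned id = sym2id_by_ref(&sym);
    return consistent(sym, id);
}

int main(void) {
    printf("by value: %d, by pointer: %d\n", demo_by_value(), demo_by_ref());
    return 0;
}
```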