ruby-core

Issue #12427 has been reported by Sadayuki Furuhashi.

----------------------------------------
Bug #12427: Defining methods with the same name to both Fixnum and Bignum classes could cause SEGV in C extensions since Feature #12005
https://bugs.ruby-lang.org/issues/12427

* Author: Sadayuki Furuhashi
* Status: Open
* Priority: Normal
* Assignee: 
* ruby -v: ruby 2.4.0dev (2016-05-21 trunk 55091) [x86_64-darwin14]
* Backport: 2.1: UNKNOWN, 2.2: UNKNOWN, 2.3: UNKNOWN
----------------------------------------
My gem (msgpack.gem) includes C extension with following pseudo code.
This code is working well with released ruby versions. But it caused SEGV with ruby 2.4.0-dev trunk 55091.

```
static VALUE Fixnum_to_msgpack(int argc, VALUE* argv, VALUE self)
{
    long v = FIX2LONG(self);
    printf("%ld", v);  // work with v
}

static VALUE Bignum_to_msgpack(int argc, VALUE* argv, VALUE self)
{
    if (RBIGNUM_POSITIVE_P(self)) {
        uint64_t positive = rb_big2ull(self);
        printf("%llu", positive);  // work with positive
    } else {
        int64_t negative = rb_big2ll(self);
        printf("%lld", negative);  // work with negative
    }
}

void Init_msgpack(void)
{
    rb_define_method(rb_cFixnum, "to_msgpack", Fixnum_to_msgpack, -1);
    rb_define_method(rb_cBignum, "to_msgpack", Bignum_to_msgpack, -1);
}
```

Apparently, since Feature #12005 (https://bugs.ruby-lang.org/issues/12005), both rb_cFixnum and rb_cBignum are reference to rb_cInteger (rb_cFixnum == rb_cBignum). Therefore, the later rb_define_method call on rb_cBignum overwrites the method with same name on rb_cFixnum. So if to_msgpack method is called against an integer in the range of fixnum, Bignum_to_msgpack function is called against a fixnum object. Then, RBIGNUM_POSITIVE_P is called against a fixnum object. However, because RBIGNUM_POSITIVE_P expects bignum object strictly despite of underlaying unified class definition with fixnum, it causes SEGV. This issue happens differently if the order of rb_define_method against rb_cFixnum and rb_cBignum is opposite.

This test code reproduces the problem:
https://github.com/msgpack/msgpack-ruby/pull/115/commits/26183b718963f882309d52c167dc866ba5260272

I added following fix to the C extension. It succeeded to avoid the problem:
https://github.com/msgpack/msgpack-ruby/pull/115/files

Concern 1 is that this issue seems a common problem with C extensions and hard to debug unless the author is aware of changes of Feature #12005 including its influence on C API.
Concern 2 is that C extensions want to use a macro instead of runtime `if (rb_cFixnum == rb_cBignum)` check to branch code at compile time.
I hope that documents or release note of ruby 2.4 includes mention for those concerns and guidelines for their solution.




-- 
https://bugs.ruby-lang.org/

Unsubscribe: <mailto:ruby-core-request@ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>