[ruby-core:92413] [Ruby trunk Bug#15792] GC can leave strings used as hash keys in a corrupted state
From:
jean.boussier@...
Date:
2019-04-26 00:05:49 UTC
List:
ruby-core #92413
Issue #15792 has been updated by byroot (Jean Boussier).
Actually, even simpler repro script:
```
#!/usr/bin/env ruby --disable-gems
a = ('a' * 24).encode(Encoding::ASCII).gsub('x', '')
hash = {}
hash[a] = true
puts "Before garbage_collection: a=#{a.inspect}"
4.times { GC.start }
puts "After garbage_collection: a=#{a.inspect}"
```
----------------------------------------
Bug #15792: GC can leave strings used as hash keys in a corrupted state
https://bugs.ruby-lang.org/issues/15792#change-77770
* Author: byroot (Jean Boussier)
* Status: Open
* Priority: Normal
* Assignee:
* Target version:
* ruby -v: 2.6.2
* Backport: 2.4: UNKNOWN, 2.5: UNKNOWN, 2.6: UNKNOWN
----------------------------------------
The following script showcases the issue:
```
#!/usr/bin/env ruby --disable-gems
a = ('a' * 24).encode(Encoding::ASCII).gsub('x', '')
b = ('b' * 24).encode(Encoding::ASCII).gsub('x', '')
hash = {}
hash[a] = true
hash[b] = true
puts "Bebore garbage_collection: a=#{a.inspect} b=#{b.inspect}"
4.times { GC.start }
puts "After garbage_collection: a=#{a.inspect} b=#{b.inspect}"
```
Expected output:
```
Bebore garbage_collection: a="aaaaaaaaaaaaaaaaaaaaaaaa" b="bbbbbbbbbbbbbbbbbbbbbbbb"
After garbage_collection: a="aaaaaaaaaaaaaaaaaaaaaaaa" b="bbbbbbbbbbbbbbbbbbbbbbbb"
```
Actual output:
```
Ruby: 2.6.2
Bebore garbage_collection: a="aaaaaaaaaaaaaaaaaaaaaaaa" b="bbbbbbbbbbbbbbbbbbbbbbbb"
After garbage_collection: a="}\x0Eu\xDB\xFC\a\x00\x80\xE9\ru\xDB\xFC\a\x00\x10\x04\x00aaaaaa" b="\x00\x00\x00\x00\x00\x00\x00\xC0\x00\x00\x00\x00\x00\x00\x00\xC0\x02\x00bbbbbb"
```
We reduced the repro script as much as we could, both the `.encode(ASCII)` and the `gsub` are necessary for the bug to manifest itself.
We also used `ObjectSpace.dump()` to analyze the corrupted string.
```
b = "shared":true, "encoding":"US-ASCII", "references":["0x7faf4a01aeb8"]
0x7faf4a01aeb8 = "frozen":true, "fstring":true, "bytesize":24, "value":"bbbbbbbbbbbbbbbbbbbbbbbb", "encoding":"US-ASCII"
```
Big thanks to Édouard Chin who did most of the initial repro reduction.
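A regression check built on the report above, as an added example that is not part of the original message or of the Ruby project's code. It goes beyond the single 24-byte US-ASCII case by covering several lengths and encodings; those values and the helper names `build_key`, `corrupted_keys` and `string_flags` are assumptions chosen here.

```ruby
require 'objspace'
require 'json'

# Build a key the way the report does: transcode, then a gsub that matches nothing.
def build_key(char, length, encoding)
  (char * length).encode(encoding).gsub('x', '')
end

# Insert keys into a Hash, run full GC cycles, and return a description of
# every key whose bytes differ from the snapshot taken before GC.
# Lengths and encodings are assumed sample values, not taken from the report.
def corrupted_keys(lengths: [8, 23, 24, 25, 64],
                   encodings: [Encoding::ASCII, Encoding::UTF_8, Encoding::ISO_8859_1],
                   gc_runs: 4)
  hash = {}
  cases = []
  letter = 'a'.ord
  encodings.each do |enc|
    lengths.each do |len|
      # A distinct letter per case keeps every key unique inside the Hash.
      key = build_key(letter.chr, len, enc)
      letter += 1
      # Integer array: an independent snapshot that cannot share the string buffer.
      cases << [key, key.bytes, enc, len]
      hash[key] = true
    end
  end
  gc_runs.times { GC.start }
  cases.reject { |key, before, _enc, _len| key.bytes == before }
       .map { |key, _before, enc, len| "#{enc} len=#{len}: #{key.inspect}" }
end

# Storage flags of a string as reported by ObjectSpace.dump, the same tool
# the report used to inspect the corrupted value.
def string_flags(str)
  info = JSON.parse(ObjectSpace.dump(str))
  { shared: info['shared'] == true, fstring: info['fstring'] == true,
    embedded: info['embedded'] == true }
end

if __FILE__ == $PROGRAM_NAME
  bad = corrupted_keys
  puts(bad.empty? ? 'no corrupted hash keys detected' : bad)
  puts "flags of a fresh key: #{string_flags(build_key('z', 24, Encoding::ASCII))}"
end
```

An empty result means none of the sampled keys changed across GC on the interpreter running the script; it does not cover lengths or encodings outside the sampled set.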