Previously GC could trigger a table rebuild of the generic ivar
st_table in the middle of calling the st_update callback. This could
cause entries to be reallocated or rearranged and the update to be for
the wrong entry.
This commit adds an assertion to make that case easier to detect, and
replaces the st_update with a separate st_lookup and st_insert.
Also free after insert in generic_ivar_set_shape_ivptr
Previously we were performing a realloc and then inserting the new value
into the table. If the table was flagged as requiring a rebuild, this
could trigger GC work and marking within that GC could access the ivptr
freed by realloc.
Added by
Fix use-after-free when resizing exivars (#13637)
Fix generic_ivar_set_shape_ivptr for table rebuild
[Bug #21438]
Previously GC could trigger a table rebuild of the generic ivar
st_table in the middle of calling the st_update callback. This could
cause entries to be reallocated or rearranged and the update to be for
the wrong entry.
This commit adds an assertion to make that case easier to detect, and
replaces the st_update with a separate st_lookup and st_insert.
Also free after insert in generic_ivar_set_shape_ivptr
Previously we were performing a realloc and then inserting the new value
into the table. If the table was flagged as requiring a rebuild, this
could trigger GC work and marking within that GC could access the ivptr
freed by realloc.
Co-authored-by: John Hawthorn [email protected]
Co-authored-by: Aaron Patterson [email protected]