Bug #2781: crash when gc_mark()ing already free'd locals of cloned scope
http://redmine.ruby-lang.org/issues/show/2781

Author: coderrr .
Status: Open, Priority: High
Category: core
ruby -v: >= 1.8.7-p248

This causes a segfault on >= 1.8.7-p248

---
def def_x(arg)
  Object.send :define_method, :x do
    def_x lambda{}
  end
end

GC.stress = true  # unnecessary but makes it occur faster
def_x nil
n = 3 # minimum for crash, increase if needed
n.times { x 0 }
---

This bug was caused by the fix I suggested for #1322, http://github.com/rubyspec/matzruby/commit/7c646cbba0815b3c9c7dc76f80fae58b30ec66b4.

The previous fix is flawed in that it added the SCOPE_MALLOC flag to the scope just so scope_dup() didn't process it. This had the side effect that gc_mark_children() now processes the scope whereas it would not have before. A better fix is the following: instead of adding the SCOPE_MALLOC flag, add a check for the SCOPE_CLONE flag to scope_dup(). This fixes bug #1322 as well as the segfault: http://github.com/coderrr/matzruby/commit/249c7d9912b961a9350f300ed148857100a659f8

Please check the patch for other unforeseen side effects. I didn't see any changes in rubyspec failures from p174 to a patched p248.
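A small regression harness for this class of bug, added here as an example and not part of the report or of the patch: it runs a reproducer in a fresh interpreter process and classifies how the child ended (clean exit, non-zero exit, killed by a signal, or hung), so a GC crash like the one above shows up as a signal rather than taking the test runner down with it. The embedded script is the report's reproducer, constructed with one adaptation: the define_method block takes `|*|` so it also runs on interpreters where such blocks enforce arity; pass `"stress"` as an argument to enable GC.stress. Note that recent interpreters catch SIGSEGV, print a bug report and abort, so a crash is typically reported as ABRT rather than SEGV.

```ruby
require "rbconfig"
require "tempfile"

# Constructed reproducer, adapted from the bug report (block takes |*| so
# "x 0" is accepted where define_method blocks check arity).
REPRO = <<~'RUBY'
  def def_x(arg)
    Object.send :define_method, :x do |*|
      def_x lambda{}
    end
  end

  GC.stress = true if ARGV.first == "stress"  # optional: makes GC bugs surface sooner
  def_x nil
  n = 3
  n.times { x 0 }
RUBY

# Run +source+ in a separate interpreter and report how the child ended.
# Returns one of:
#   { outcome: :exited,   code: Integer }
#   { outcome: :signaled, signal: "SEGV" / "ABRT" / ... }
#   { outcome: :timeout }
def run_script(source, args = [], timeout: 30)
  Tempfile.create(["repro", ".rb"]) do |f|
    f.write(source)
    f.flush
    pid = Process.spawn(RbConfig.ruby, f.path, *args, out: File::NULL, err: File::NULL)
    deadline = Process.clock_gettime(Process::CLOCK_MONOTONIC) + timeout
    status = nil
    loop do
      _, status = Process.wait2(pid, Process::WNOHANG)  # nil while child still runs
      break if status
      if Process.clock_gettime(Process::CLOCK_MONOTONIC) > deadline
        Process.kill("KILL", pid)
        Process.wait(pid)
        return { outcome: :timeout }
      end
      sleep 0.05
    end
    if status.signaled?
      { outcome: :signaled, signal: Signal.signame(status.termsig) }
    else
      { outcome: :exited, code: status.exitstatus }
    end
  end
end

# Convenience: true when the reproducer ran to completion without crashing.
def repro_clean?(stress: false)
  r = run_script(REPRO, stress ? ["stress"] : [])
  r[:outcome] == :exited && r[:code] == 0
end

if __FILE__ == $0
  puts run_script(REPRO, ARGV).inspect
end
```

Run it as `ruby harness.rb` for a quick check or `ruby harness.rb stress` for the GC.stress variant; anything other than `{outcome: :exited, code: 0}` means the interpreter under test still has the problem (or a new one).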

