Motohiro KOSAKI <kosaki.motohiro / gmail.com> wrote:
> File old_thread_select.patch added
>
> > static void
> > rb_fd_rcopy(fd_set *dst, rb_fdset_t *src)
> > {
> >     size_t size = howmany(rb_fd_max(src), NFDBITS) * sizeof(fd_mask);
> >     if (size < sizeof(fd_set)) size = sizeof(fd_set);
> >     memcpy(dst, rb_fd_ptr(src), size);
> > }
>
> If size > sizeof(fd_set), this code makes memory corruption.

I just thought of this again and think rb_bug() is better than rb_raise() here. While unlikely to hit either case, rb_raise() will leak memory since the rb_fd_term() call gets skipped.
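For anyone following the thread without the Ruby sources at hand, here is a small stand-alone C program (added illustration, not code from the patch or from Ruby) that models the overflow KOSAKI points at: the destination is a fixed-size fd_set, while the source bitmap may have been sized for more than FD_SETSIZE descriptors, so copying `howmany(maxfd, NFDBITS) * sizeof(word)` bytes can run past the end of dst. The `example_fdset_t` type, the `fd_word_t`/`EXAMPLE_NFDBITS` macros and all function names are assumptions made for this example; they are not rb_fdset_t or any rb_fd_* API. The checked copy refuses an oversized source instead of writing past dst, and the probe helper frees the source on both the success and the error path, which is the cleanup the reply notes an rb_raise() would skip.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/select.h>

/* Bitmap word and bits-per-word, standing in for fd_mask / NFDBITS.
 * Defined locally so the example builds without platform-specific macros. */
typedef unsigned long fd_word_t;
#define EXAMPLE_NFDBITS (8 * sizeof(fd_word_t))
#define example_howmany(x, y) (((x) + ((y) - 1)) / (y))

/* Hypothetical stand-in for rb_fdset_t: a heap bitmap that may have been
 * grown past FD_SETSIZE, plus the number of fd slots it was sized for.
 * This is an assumption for the example, not Ruby's own definition. */
typedef struct {
    int maxfd;
    fd_set *fdset;
} example_fdset_t;

/* Bytes needed to hold bits for fds 0..maxfd-1: the same
 * howmany() * word-size computation as the quoted rb_fd_rcopy(). */
size_t fdset_bytes(int maxfd)
{
    if (maxfd < 0) maxfd = 0;
    return example_howmany((size_t)maxfd, EXAMPLE_NFDBITS) * sizeof(fd_word_t);
}

example_fdset_t *example_fdset_new(int maxfd)
{
    example_fdset_t *s = malloc(sizeof *s);
    size_t n = fdset_bytes(maxfd);
    if (!s) return NULL;
    if (n < sizeof(fd_set)) n = sizeof(fd_set);   /* never smaller than a plain fd_set */
    s->fdset = calloc(1, n);
    if (!s->fdset) { free(s); return NULL; }
    s->maxfd = maxfd;
    return s;
}

void example_fdset_free(example_fdset_t *s)
{
    if (!s) return;
    free(s->fdset);
    free(s);
}

/* Checked variant of the quoted copy. dst is a fixed-size fd_set, so a
 * source sized for more than FD_SETSIZE fds cannot fit; refuse instead of
 * memcpy()ing past the end of dst. Returns 0 on success, -1 if refused. */
int fdset_copy_checked(fd_set *dst, const example_fdset_t *src)
{
    size_t size = fdset_bytes(src->maxfd);
    if (size > sizeof(fd_set))
        return -1;                        /* the case the quoted code does not guard */
    memset(dst, 0, sizeof(fd_set));       /* zero-pad rather than over-read src */
    memcpy(dst, src->fdset, size);
    return 0;
}

/* Build a source sized for `maxfd` fds with fd 3 set, try the checked copy,
 * and release the source on every path. Returns -1 if the copy was refused,
 * 1 if it succeeded and fd 3 survived, 0 if it succeeded but fd 3 was outside
 * the copied range. */
int fdset_copy_probe(int maxfd)
{
    example_fdset_t *src = example_fdset_new(maxfd);
    fd_set dst;
    int rc;

    if (!src) return -2;
    FD_SET(3, src->fdset);               /* buffer is at least sizeof(fd_set), so this is in bounds */
    rc = fdset_copy_checked(&dst, src);
    if (rc == 0) rc = FD_ISSET(3, &dst) ? 1 : 0;
    example_fdset_free(src);             /* reached on success and on refusal alike: no leak */
    return rc;
}

int main(void)
{
    int fits = fdset_copy_probe(FD_SETSIZE);
    int oversized = fdset_copy_probe(2 * FD_SETSIZE);
    printf("maxfd=%d -> %d (1 = copied, fd 3 kept)\n", FD_SETSIZE, fits);
    printf("maxfd=%d -> %d (-1 = refused, would overflow fd_set)\n", 2 * FD_SETSIZE, oversized);
    return 0;
}
```

The probe with `2 * FD_SETSIZE` is exactly the shape of source the quoted code would memcpy() into a 128-byte fd_set on a typical Linux build; whether the real code should return an error, raise or call rb_bug() on that path is the question in the reply, but whichever is chosen, the source set still has to be released.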