"alexdowad (Alex Dowad)" <alexinbeijing / gmail.com> wrote:
> Nobuさん, I don't expect that you (or anyone else) would be able to reproduce this bug. As I said, it doesn't happen when I extract the part which is failing from Prawn, only when I run the tests against the whole thing (which I have modified -- I'm working on performance). This is not strange -- in general, memory corruption/pointer bugs are sensitive to the exact layout of data in memory, and changing small things in a program may randomly turn the bug on or off.

Does this happen with unmodified Prawn at all?

I'm not familiar with Prawn, but do any of its dependencies pull in
extra C extensions which may have memory corruption bugs?

Can you share your work-in-progress changes to Prawn?

> - When Ruby GCs an unused object, does it zero out the memory used?

No.

> - How about when a new object is allocated?

Yes.

> - I've heard that Ruby stores the contents of small strings directly
> in an RObject (or RValue or whatever it is...) union. The String which
> is being corrupted has 7 bytes. Will a String like that *always* be
> embedded, or is it possible that it could still use malloc'd memory
> for the contents?

It's possible to use malloc'ed memory for short string contents
(string capacity can be larger than length).