On Mon, Feb 27, 2006 at 12:45:28AM +0900, Yukihiro Matsumoto wrote:
> |On my system the values returned by malloc start around 0xb7d00000 (when using brk)
> |so I can hardly create enough symbols to force a collision, but I can get
> |a crash on Linux with the following:
> 
> Since all symbol values have their second LSB set, they should not
> conflict with ordinary object values on an aligned memory allocator.
> At least on Linux systems, the problem was caused by a signedness issue
> in the symbol conversion.  I'd like to know if the following patch,
> which worked on Linux systems, also works on MacOS X.
> 
> 							matz.
> 
> --- ruby.h	5 Feb 2006 15:43:10 -0000	1.97.2.11
> +++ ruby.h	26 Feb 2006 15:43:22 -0000
> @@ -169,3 +169,3 @@ VALUE rb_ull2inum _((unsigned LONG_LONG)
>  #define ID2SYM(x) ((VALUE)(((long)(x))<<8|SYMBOL_FLAG))
> -#define SYM2ID(x) RSHIFT((long)x,8)
> +#define SYM2ID(x) RSHIFT((unsigned long)x,8)
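Review bot: The unsigned cast in the new SYM2ID stops the sign extension that turned a symbol VALUE with the top bit set into a negative ID, but the macro argument is still unparenthesized, so `SYM2ID(a + b)` casts only `a`; prefer `RSHIFT((unsigned long)(x),8)`. The companion ID2SYM on the context line still computes `((long)(x))<<8`, and a left shift of a signed long into the sign bit is undefined in C, so casting to `(unsigned long)` there as well keeps the pair symmetric. The hunk does not touch the object_id collision raised in the reply below, which is a separate issue from the crash.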

This solves the crash but doesn't prevent collisions, does it? Normal
objects are indeed 4-byte aligned, but whereas rb_obj_id uses LONG2NUM
for immediate values, it just does obj|FIXNUM_FLAG for normal objects,
so there can be a collision for VALUEs x such that x & 0x1f == 0x1c.

-- 
Mauricio Fernandez  -   http://eigenclass.org   -  non-trivial Ruby
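Added example, not code from this thread or from Ruby's sources: a small C model of the two points discussed above, using 32-bit VALUEs so that addresses near 0xb7d00000 have bit 31 set. The tag values SYMBOL_FLAG = 0x0e and FIXNUM_FLAG = 0x01 are assumed from Ruby 1.8's ruby.h (the quoted patch shows only ID2SYM/SYM2ID), rb_obj_id is modelled as two functions returning the integer an object_id would carry, and Fixnum range limits are ignored. It shows the pre-patch signed SYM2ID sign-extending a high VALUE, the patched unsigned form not doing so, and the object_id collision; the collision check tests the low 9 bits of the address, which is the exact form of the `x & 0x1f == 0x1c` condition under this model.

```c
#include <stdint.h>
#include <stdio.h>

/* Tag bits assumed from Ruby 1.8's ruby.h (not shown in the quoted patch):
 * a Fixnum VALUE has bit 0 set, a Symbol VALUE has 0x0e in its low byte. */
#define FIXNUM_FLAG 0x01u
#define SYMBOL_FLAG 0x0eu

/* 32-bit VALUE, reproducing the i386 layout where malloc returns
 * addresses around 0xb7d00000 (bit 31 set). */
typedef uint32_t value_t;

/* Same shape as ID2SYM(x): ((x)<<8)|SYMBOL_FLAG. */
static value_t id2sym(uint32_t id) {
    return (value_t)((id << 8) | SYMBOL_FLAG);
}

/* Pre-patch SYM2ID: the VALUE is cast to a signed 32-bit long and shifted.
 * Any VALUE >= 0x80000000 is negative, and the right shift of a negative
 * signed value sign-extends on gcc/clang (implementation-defined in C). */
static int32_t sym2id_signed(value_t sym) {
    return (int32_t)sym >> 8;
}

/* Patched SYM2ID: unsigned shift, no sign extension. */
static uint32_t sym2id_unsigned(value_t sym) {
    return sym >> 8;
}

/* Model of the two rb_obj_id paths described in the reply: a special
 * constant goes through LONG2NUM, so its object_id is the VALUE itself;
 * a heap object becomes the Fixnum VALUE obj|FIXNUM_FLAG, whose integer
 * value is obj>>1. (Fixnum range limits are ignored in this model.) */
static uint32_t obj_id_special(value_t v)    { return v; }
static uint32_t obj_id_normal(value_t obj)   { return (obj | FIXNUM_FLAG) >> 1; }

/* Returns 1 and stores the symbol ID if the heap object at addr shares its
 * object_id with some symbol. obj_id_normal(addr) == addr>>1 and a symbol's
 * object_id is (id<<8)|0x0e, so addr must be 4-byte aligned and its low
 * 9 bits must be 0x1c; the id is then addr>>9. */
static int colliding_symbol(value_t addr, uint32_t *id_out) {
    if ((addr & 0x3u) != 0)      return 0;   /* not an aligned heap object */
    if ((addr & 0x1ffu) != 0x1cu) return 0;  /* low 9 bits would not match */
    *id_out = addr >> 9;
    return 1;
}

int main(void) {
    /* Constructed sample: a symbol whose VALUE looks like a high address. */
    value_t sym = id2sym(0x00b7d000u);                 /* 0xb7d0000e */
    printf("VALUE 0x%08x: signed SYM2ID = %ld, unsigned SYM2ID = 0x%08lx\n",
           (unsigned)sym, (long)sym2id_signed(sym),
           (unsigned long)sym2id_unsigned(sym));

    /* Constructed sample: an aligned heap address with low 9 bits 0x1c. */
    value_t addr = 0xb7d0001cu;
    uint32_t id;
    if (colliding_symbol(addr, &id)) {
        printf("object 0x%08x and symbol id 0x%x both have object_id 0x%08x (equal: %d)\n",
               (unsigned)addr, (unsigned)id, (unsigned)obj_id_normal(addr),
               obj_id_normal(addr) == obj_id_special(id2sym(id)));
    }
    return 0;
}
```

Run on a system with a 32-bit long the signed variant prints a negative ID for VALUE 0xb7d0000e while the unsigned variant recovers 0x00b7d000; the second line shows the heap object at 0xb7d0001c and symbol id 0x5be800 sharing object_id 0x5be8000e.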