On 2017/02/13 19:05, Nobuyoshi Nakada wrote:
>> But in marshal.c, I think we can use klass==0 to hide the object
>> and use rb_gc_force_recycle, instead.  AFAIK,
>> rb_gc_force_recycle is safe if the object has klass==0 for its
>> entire lifetime.
>>
>> How about the following?
> 
> Seems nice.

Sorry, I missed that `arg` may be dereferenced in `check_dump_arg()`
in the case a continuation is used.  Hiding wrapper objects is fine, but
freeing `arg` and recycling `wrapper` causes a dangling pointer and
can segfault on some environments, compilers and options, with the
following patch.

```diff
diff --git a/test/ruby/test_marshal.rb b/test/ruby/test_marshal.rb
index bc22b5fd3a..bfc3f6df25 100644
--- a/test/ruby/test_marshal.rb
+++ b/test/ruby/test_marshal.rb
@@ -644,6 +644,9 @@
     c = Bug9523.new
     assert_raise_with_message(RuntimeError, /Marshal\.dump reentered at marshal_dump/) do
       Marshal.dump(c)
+      GC.start
+      1000.times {"x"*1000}
+      GC.start
       c.cc.call
     end
   end
```
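
Review bot: The three lines added between `Marshal.dump(c)` and `c.cc.call` have no comment saying why a GC run, 1000 throwaway string allocations and a second GC run sit in the middle of this test, so a later reader could remove them as noise. A one-line comment stating that they are there to get the freed `arg` and the recycled `wrapper` slot reused before the continuation is re-entered would keep the intent clear. The two 1000 constants are also unexplained, and since the accompanying message says the crash appears only on some environments, compilers and options, the comment should say that a passing run does not prove the dangling pointer is gone.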
