On 02/06/2018 05:00 AM, Eric Wong wrote:
> Eric Wong <normalperson / yhbt.net> wrote:
>> v.ondruch / tiscali.cz wrote:
>>> https://bugs.ruby-lang.org/issues/14357
>>>
>>> The thread_safe gem is not maintained anymore, but I don't see
>>> any reason why its test suite should segfault with Ruby 2.5.
>> Right, no 3rd-party C exts loaded and I hit this in trunk, too.
>> Using -fsanitize=address reveals use-after-free in st.c
>> Investigating, but maybe Vladimir can find it sooner.
> Maybe my initial investigation was correct, after all.
>
> valgrind takes forever, but indicates the free is caused by
> rebuild_table; so it doesn't look like we missed GC marking
> during rebuild.  Disabling the free(tab->entries) at line
> st.c:792 (patch below) seems to indicate success with the
> thread_safe test suite (letting it loop overnight).
>
> Looks like the new_tab != tab case of rebuild is leaving a
> hanging reference somewhere.
>
> Looks like it's a freshly rebuilt table.  Pretty easy to reproduce
> the problem on 2.5, I remember it took more tries on 2.4 (didn't
> valgrind).   An extra pair of eyes more experienced with this
> code than I am would be appreciated.  Thanks.

Eric, thank you for working on the problem and analyzing it. I'll look 
at this and try to fix it as soon as possible.
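The bug class discussed in the quoted report, a raw pointer into a table's entry storage that keeps being used after a rebuild has freed that storage, is illustrated below with a deliberately small toy table. This is an added example, not Ruby's st.c and not code from either poster: the `table_t`, `entry_ref_t`, `rebuild_table`, `ref_get` and `stale_ref_is_rejected` names are all hypothetical. It shows why the `new_tab != tab` rebuild path is dangerous for any caller holding a reference across an insert, and one defensive pattern (a generation counter stamped into references) that turns a silent use-after-free into a detectable stale-reference failure. In real code, `-fsanitize=address` as used in the report is still the primary way to catch the underlying access.

```c
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical toy table: a flat array of entries that is reallocated
 * ("rebuilt") when it fills up. Not Ruby's st.c. */
typedef struct {
    long key;
    long value;
} entry_t;

typedef struct {
    entry_t *entries;
    size_t num_entries;
    size_t capacity;
    unsigned long generation;   /* bumped on every rebuild */
} table_t;

/* A reference into the table that records the generation it was taken from,
 * instead of holding a raw entry_t* that dangles after a rebuild. */
typedef struct {
    table_t *tab;
    size_t index;
    unsigned long generation;
} entry_ref_t;

table_t *table_new(size_t capacity) {
    table_t *tab = calloc(1, sizeof *tab);
    if (!tab) return NULL;
    tab->entries = calloc(capacity, sizeof *tab->entries);
    if (!tab->entries) { free(tab); return NULL; }
    tab->capacity = capacity;
    return tab;
}

/* Rebuild: allocate a new entries array, copy, free the old one.
 * After this returns, every raw pointer into the old array dangles;
 * that is exactly the hazard a caller must not hold across an insert. */
static int rebuild_table(table_t *tab) {
    size_t new_cap = tab->capacity * 2;
    entry_t *new_entries = calloc(new_cap, sizeof *new_entries);
    if (!new_entries) return -1;
    memcpy(new_entries, tab->entries, tab->num_entries * sizeof *new_entries);
    free(tab->entries);          /* old storage is gone */
    tab->entries = new_entries;
    tab->capacity = new_cap;
    tab->generation++;           /* invalidates outstanding refs */
    return 0;
}

int table_insert(table_t *tab, long key, long value) {
    if (tab->num_entries == tab->capacity && rebuild_table(tab) != 0) return -1;
    tab->entries[tab->num_entries].key = key;
    tab->entries[tab->num_entries].value = value;
    tab->num_entries++;
    return 0;
}

/* Take a generation-stamped reference to the entry at index i. */
entry_ref_t table_ref(table_t *tab, size_t i) {
    entry_ref_t r = { tab, i, tab->generation };
    return r;
}

/* Dereference a ref. Returns 1 and fills *out on success, 0 if the table
 * was rebuilt since the ref was taken (a raw pointer would now be freed). */
int ref_get(const entry_ref_t *r, entry_t *out) {
    if (r->generation != r->tab->generation) return 0;
    if (r->index >= r->tab->num_entries) return 0;
    *out = r->tab->entries[r->index];
    return 1;
}

void table_free(table_t *tab) { free(tab->entries); free(tab); }

/* Scenario: take a reference, insert enough to force a rebuild, then try to
 * use the reference again. Returns 1 if the stale ref was rejected. */
int stale_ref_is_rejected(void) {
    table_t *tab = table_new(2);
    if (!tab) return 0;
    table_insert(tab, 1, 10);
    entry_ref_t r = table_ref(tab, 0);
    entry_t e;
    int before = ref_get(&r, &e);        /* fresh ref: 1, e.value == 10 */
    table_insert(tab, 2, 20);
    table_insert(tab, 3, 30);            /* third insert exceeds capacity 2 -> rebuild */
    int after = ref_get(&r, &e);         /* stale ref: 0 instead of a freed read */
    table_free(tab);
    return before == 1 && after == 0 && e.value == 10;
}

int main(void) {
    printf("stale reference rejected: %s\n", stale_ref_is_rejected() ? "yes" : "no");
    return 0;
}
```

The generation check only catches callers that go through `ref_get`; code that caches `tab->entries` directly is still wrong, which is why a sanitizer or valgrind run, as in the report, remains the way to find the remaining holders.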