On Jun 25, 2008, at 21:28 PM, Robert Thau wrote:
> When I run the following 10-line ruby script on 1.8.6-p230
> as shipped (built on 32-bit x86 Debian Etch, with configure
> arguments at defaults), it pretty reliably segfaults.  My
> patch to get rails working (by reverting changeset 17222
> on the ruby_1_8_6 branch) eliminates this problem as well,
> so this *may* be the simplest demonstration of the problem
> that's been killing Rails apps on this Ruby release.

It seems that this has been fixed but not backported:

$ ruby18 -v -
ruby 1.8.7 (2008-06-25 revision 17572) [i686-darwin9.3.0]
obj = Object.new

class << obj
  def meth(x, y)
  end
end

10000.times do
  obj = obj.clone
end
$ echo $?
0

p232 crashes for me:

$ ./miniruby -v -
ruby 1.8.6 (2008-06-24 patchlevel 232) [i686-darwin9.3.0]
[code]
miniruby(83566) malloc: *** error for object 0x120a90: double free
*** set a breakpoint in malloc_error_break to debug
[...]
miniruby(83566) malloc: *** error for object 0x120a90: double free
*** set a breakpoint in malloc_error_break to debug
-:9: [BUG] Segmentation fault
ruby 1.8.6 (2008-06-24) [i686-darwin9.3.0]

Abort trap
$

Backtrace points to:

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0xc000000f
st_free_table (table=0x120c90) at st.c:211
211		    next = ptr->next;
(gdb) bt
#0  st_free_table (table=0x120c90) at st.c:211
#1  0x000363ae in garbage_collect () at gc.c:1177
#2  0x00036695 in rb_newobj () at gc.c:384
#3  0x0005718c in rb_node_newnode (type=NODE_METHOD, a0=1182448,  
a1=1182448, a2=1182448) at parse.y:4520
#4  0x0000c01a in clone_method (mid=3221225475, body=0x20006c,  
data=0xbfffe248) at class.c:70
#5  0x00085b81 in st_foreach (table=0x176c40, func=0xbfe0  
<clone_method>, arg=3221217864) at st.c:487
#6  0x0000cc63 in rb_singleton_class_clone (obj=<value temporarily  
unavailable, due to optimizations>) at class.c:160