[Bug #20577] Fix freeing symbols when RUBY_FREE_AT_EXIT

Dynamic symbols point to a fstring. When we free the symbol, we hash the fstring to remove it from the table. However, the fstring could have already been freed, which can cause a crash. This commit changes it to remove the reference to the fstring before freeing the symbol so we can avoid this crash.
2024-06-12 15:07:53 -04:00 · 2024-06-12 15:07:53 -04:00 · 7c46aa5ed4
--- a/gc.c
+++ b/gc.c
@ -4336,6 +4336,17 @@ rb_objspace_call_finalizer_i(VALUE obj, void *data)
      case T_FILE:
        obj_free(objspace, obj);
        break;
+      case T_SYMBOL:
+        if (rb_free_at_exit) {
+            if (RSYMBOL(obj)->fstr &&
+                    (BUILTIN_TYPE(RSYMBOL(obj)->fstr) == T_NONE ||
+                        BUILTIN_TYPE(RSYMBOL(obj)->fstr) == T_ZOMBIE)) {
+                RSYMBOL(obj)->fstr = 0;
+            }
+
+            obj_free(objspace, obj);
+        }
+        break;
      case T_NONE:
        break;
      default: