[Bug #20453] segfault in Regexp timeout
https://bugs.ruby-lang.org/issues/20228 started freeing `stk_base` to
avoid a memory leak. But `stk_base` is sometimes stack allocated (using
`xalloca`), so the free only works if the regex stack has grown enough
to hit `stack_double` (which uses `xmalloc` and `xrealloc`).
To reproduce the problem on master and 3.3.1:
```ruby
Regexp.timeout = 0.001
/^(a*)x$/ =~ "a" * 1000000 + "x"
```
Some details about this potential fix:
`stk_base == stk_alloc` on
[init](dde99215f2/regexec.c (L1153)),
so if `stk_base != stk_alloc` we can be sure we called
[`stack_double`](dde99215f2/regexec.c (L1210))
and it's safe to free. It's also safe to free if we've
[saved](dde99215f2/regexec.c (L1187-L1189))
the stack to `msa->stack_p`, since we do the `stk_base != stk_alloc`
check before saving.
This matches the check we do inside
[`stack_double`](dde99215f2/regexec.c (L1221)).
Resize ary when `Array#sort!` block modifies embedded ary
In cases where `rb_ary_sort_bang` is called with a block and
tmp is an embedded array, we need to account for the block
potentially impacting the capacity of ary.
ex:
```ruby
var_0 = (1..70).to_a
var_0.sort! do |var_0_block_129, var_1_block_129|
  var_0.pop
  var_1_block_129 <=> var_0_block_129
end.shift(3)
```
The above example can put the array into a corrupted state
resulting in a heap buffer overflow and possible segfault:
```
ERROR: AddressSanitizer: heap-buffer-overflow on address [...]
WRITE of size 560 at 0x60b0000034f0 thread T0 [...]
```
This commit adds a conditional to determine when the capacity
of ary has been modified by the provided block. If this is
the case, ensure that the capacity of ary is adjusted to
handle at minimum the len of tmp.
[Bug #20305] Fix matching against an incomplete character
When matching against an incomplete character, some `enclen` calls are
expected not to exceed the limit, and some are expected to return the
required length, with the result then checked for whether it exceeds the limit.
[Bug #20322] Fix rb_enc_interned_str_cstr null encoding
The documentation for `rb_enc_interned_str_cstr` notes that `enc` can be
a null pointer, but this currently causes a segmentation fault when
trying to autoload the encoding. This commit fixes the issue by checking
for NULL before calling `rb_enc_autoload`.
This should help in debugging the intermittent test failures on CI:
```
TestProcess#test_warmup_frees_pages [test/ruby/test_process.rb:2779]:
<201> expected but was
<202>.
```
YJIT: Fix unused warnings
```
warning: unused import: `condition::Condition`
--> src/asm/arm64/arg/mod.rs:13:9
|
13 | pub use condition::Condition;
| ^^^^^^^^^^^^^^^^^^^^
|
= note: `#[warn(unused_imports)]` on by default
warning: unused import: `rb_yjit_fix_mul_fix as rb_fix_mul_fix`
--> src/cruby.rs:188:9
|
188 | pub use rb_yjit_fix_mul_fix as rb_fix_mul_fix;
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
warning: unused import: `rb_insn_len as raw_insn_len`
--> src/cruby.rs:142:9
|
142 | pub use rb_insn_len as raw_insn_len;
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
= note: `#[warn(unused_imports)]` on by default
```
Make asm public so it stops warning about unused public stuff in there.
YJIT: Fix ruby2_keywords splat+rest and drop bogus checks
YJIT didn't guard for ruby2_keywords hash in case of splat calls that
land in methods with a rest parameter, creating incorrect results.
The compile-time checks didn't correspond to any actual effects of
ruby2_keywords, so it was masking this bug and YJIT was needlessly
refusing to compile some code. About 16% of fallback reasons in
`lobsters` were due to the ISeq check.
We already handle the tagging part with
exit_if_supplying_kw_and_has_no_kw() and should now have a dynamic guard
for all splat cases.
Note for backporting: You also need 7f51959ff1.
[Bug #20195]
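As an added illustration (not part of the commit above, and not YJIT code), the following Ruby shows the argument-passing behaviour the interpreter and YJIT must agree on when a `ruby2_keywords` delegator splats its arguments into callees that have a rest parameter. The `Delegation` class and its method names are invented for the example; the assertions at the bottom spell out the results a correct implementation must produce, so the same script can be used to spot-check a JIT-enabled run.

```ruby
# Added example: expected ruby2_keywords semantics for splat calls into
# methods with a rest parameter. Class and method names are hypothetical.
class Delegation
  # ruby2_keywords flags a trailing keyword hash captured by *args so that
  # splatting args into another call re-expands it as keywords.
  ruby2_keywords def delegate(target, *args)
    send(target, *args)
  end

  # Plain delegator without the flag: the trailing hash is an ordinary
  # positional element and is never turned back into keywords.
  def plain_delegate(target, *args)
    send(target, *args)
  end

  # Callee with rest and keyword parameters: a flagged hash becomes keywords.
  def rest_and_kw(*rest, **kw)
    [rest, kw]
  end

  # Callee with only a rest parameter: it accepts no keywords, so the
  # flagged hash must stay in the rest array as a positional argument.
  def rest_only(*rest)
    rest
  end

  # Collects every case into one table so the behaviour can be compared
  # between interpreter-only and JIT-enabled runs.
  def self.behaviour_table
    d = new
    {
      flagged_to_kw_callee:   d.delegate(:rest_and_kw, 1, a: 2),
      flagged_to_rest_callee: d.delegate(:rest_only, 1, a: 2),
      unflagged_to_kw_callee: d.plain_delegate(:rest_and_kw, 1, a: 2),
      no_keywords_at_all:     d.delegate(:rest_and_kw, 1, 2),
    }
  end
end

if __FILE__ == $0
  Delegation.behaviour_table.each { |name, result| puts "#{name}: #{result.inspect}" }
end
```

Running the script under `ruby --yjit` and again without it should print identical tables; `flagged_to_rest_callee` is the splat-into-rest case the commit describes, where the hash must remain positional rather than being consumed or mis-tagged.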
YJIT: Move guard up for a case of splat+rest
Previously, YJIT put the guard for having enough items to extract from
splat array at a place where the side exit is invalid, so if the guard
fails, YJIT could raise something other than ArgumentError. Move the
guard up to a place before any stack manipulation.
[Bug #20204]
https://rubyci.s3.amazonaws.com/rhel_zlinux/ruby-3.3/log/20240528T214850Z.fail.html.gz
```
1)
Execution variable $: default $LOAD_PATH entries until sitelibdir included have @gem_prelude_index set FAILED
Expected ["/home/chkbuild/build/20240528T214850Z/mspec/lib/mspec/lib",
"/home/chkbuild/build/20240528T214850Z/mspec/lib",
"./ruby/tool/lib",
"/home/linux1/chkbuild/tmp/build/20240528T214850Z/lib/ruby/site_ruby/3.3.0",
"/home/linux1/chkbuild/tmp/build/20240528T214850Z/lib/ruby/site_ruby/3.3.0/s390x-linux",
"/home/linux1/chkbuild/tmp/build/20240528T214850Z/lib/ruby/site_ruby",
"/home/linux1/chkbuild/tmp/build/20240528T214850Z/lib/ruby/vendor_ruby/3.3.0",
"/home/linux1/chkbuild/tmp/build/20240528T214850Z/lib/ruby/vendor_ruby/3.3.0/s390x-linux",
"/home/linux1/chkbuild/tmp/build/20240528T214850Z/lib/ruby/vendor_ruby",
"/home/linux1/chkbuild/tmp/build/20240528T214850Z/lib/ruby/3.3.0",
"/home/linux1/chkbuild/tmp/build/20240528T214850Z/lib/ruby/3.3.0/s390x-linux"].include? "/home/chkbuild/build/20240528T214850Z/lib/ruby/site_ruby/3.3.0"
to be truthy but was false
/home/chkbuild/build/20240528T214850Z/rubyspec/language/predefined_spec.rb:885:in `block (2 levels) in <top (required)>'
/home/chkbuild/build/20240528T214850Z/rubyspec/language/predefined_spec.rb:846:in `<top (required)>'
```
It does have /home/linux1/chkbuild/tmp/build/20240528T214850Z/lib/ruby/site_ruby/3.3.0,
so it seems actually fine. It seems to be failing due to its setup
issues. Skipping this until we figure out how to fix it.
* merge revision(s) bbd249e351af7e4929b518a5de73a832b5617273: [Backport #20192]
YJIT: Properly reject keyword splat with `yield`
We don't have support for keyword splat anywhere, but we tried to
compile these anyways in case of `invokeblock`. This led to bad things
happening such as passing the wrong value and passing a hash into
rb_yjit_array_len(), which raised in the middle of compilation.
[Bug #20192]
* Skip a new test for RJIT
Make io_fwrite safe for compaction
[Bug #20169]
Embedded strings are not safe for system calls without the GVL because
compaction can cause pages to be locked, causing the operation to fail
with EFAULT. This commit changes io_fwrite to use rb_str_tmp_frozen_no_embed_acquire,
which guarantees that the returned string is not embedded.
It causes flaky failures like this:
```
+ /usr/bin/docker build --rm -t ruby-fedora-annocheck-copy --build-arg=FILES=ruby -f ../src/tool/annocheck/Dockerfile-copy .
DEPRECATED: The legacy builder is deprecated and will be removed in a future release.
Install the buildx component to build images with BuildKit:
https://docs.docker.com/go/buildx/
Sending build context to Docker daemon 556.5MB
Step 1/6 : FROM docker.io/fedora:latest
toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit
```
It seems not that important to maintain the job for backports, so let's
allow it to fail until we fix it in the master branch.