fix incorrect quiescent finalizer detection (#47214)
We were checking and clearing the gc tag bits on a random memory
location when running these quiescent finalizers (which do not point to
julia memory, so they are not tag bits, but probably libc malloc
metadata).

Detected by ASAN (and also CI)

Fixes #47171
Closes #47177
vtjnash authored Oct 18, 2022
1 parent e8aacc8 commit 61ccb32
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions src/gc.c
@@ -2443,12 +2443,12 @@ stack: {
else {
new_obj = (jl_value_t*)gc_read_stack(&rts[i], offset, lb, ub);
if (gc_ptr_tag(new_obj, 3)) {
// handle tagged pointers in finalizer list
new_obj = gc_ptr_clear_tag(new_obj, 1);
// skip over the finalizer fptr
i++;
if (gc_ptr_tag(new_obj, 2))
continue;
// handle tagged pointers in finalizer list
new_obj = gc_ptr_clear_tag(new_obj, 1);
}
}
if (!gc_try_setmark(new_obj, &nptr, &tag, &bits))
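Review bot: the rendering has no +/- markers, but the duplicated `// handle tagged pointers in finalizer list` / `new_obj = gc_ptr_clear_tag(new_obj, 1);` pair shows the tag clear being moved from before the `i++` and quiescent test to after the `continue`, so an entry with tag bit 2 set is skipped before its pointer is used for anything. The reason only lives in the commit message; a one-line comment at `if (gc_ptr_tag(new_obj, 2)) continue;` stating that such entries do not point into Julia-managed memory and must not be marked would stop the next reader from "simplifying" the order back. It is also worth noting in that comment that `i++` has already run, so the fptr slot is still skipped in the quiescent case.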
@@ -3045,7 +3045,7 @@ static void sweep_finalizer_list(arraylist_t *list)
void *fin = items[i+1];
int isfreed;
int isold;
if (gc_ptr_tag(v, 2)) {
if (gc_ptr_tag(v0, 2)) {
isfreed = 1;
isold = 0;
}
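Review bot: switching the tag-2 test from `v` to `v0` only makes sense if `v0` is the raw `items[i]` entry with its tag bits intact and `v` is the already-untagged pointer, and neither definition is visible in this hunk's context; please add a comment above `if (gc_ptr_tag(v0, 2)) {` saying the check must run on the raw value, because testing the cleared pointer never sees bit 2 and falls through to the normal path, which then inspects and clears bits on memory that is not a Julia object (the ASAN finding in the description). Assigning `isfreed = 1; isold = 0;` unconditionally in that branch is consistent with never touching the pointee, so the fix looks complete for this function.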