From ada0d9b7042f7ee2ba0e51d147e081bc074cac41 Mon Sep 17 00:00:00 2001
From: Alan Wu
Date: Wed, 17 Apr 2024 17:04:45 -0400
Subject: [PATCH] YJIT: Fix canary crash with Array#<<

Previously, we got "We are killing the stack canary set by opt_ltlt" from `$./miniruby --yjit-call-threshold=1 -e 'a = [].freeze; a << 1'`

Found by running ruby-spec with yjit-call-threshold=1.
---
 yjit/src/codegen.rs | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/yjit/src/codegen.rs b/yjit/src/codegen.rs
index 9d355b854d3c83..d212719c09a9a4 100644
--- a/yjit/src/codegen.rs
+++ b/yjit/src/codegen.rs
@@ -5929,8 +5929,10 @@ fn jit_rb_ary_push(
 ) -> bool {
     asm_comment!(asm, "Array#<<");
 
-    // rb_ary_push allocates memory for buffer extension
-    jit_prepare_call_with_gc(jit, asm);
+    // rb_ary_push allocates memory for buffer extension and can raise FrozenError
+    // Not using a lazy frame here since the interpreter also has a truncated
+    // stack trace from opt_ltlt.
+    jit_prepare_non_leaf_call(jit, asm);
 
     let item_opnd = asm.stack_opnd(0);
     let ary_opnd = asm.stack_opnd(1);
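Review bot: The fix lands without a regression test even though the commit message contains an exact reproducer; the diffstat shows `yjit/src/codegen.rs` as the only file touched. A YJIT bootstraptest case such as `assert_equal 'FrozenError', %q{ begin; a = [].freeze; a << 1; rescue => e; e.class.to_s; end }` would pin that the frozen-receiver raise now unwinds cleanly through the specialised `Array#<<` path, which matters because a C call that can raise being prepared as a GC-only leaf is only caught by the stack canary in debug builds. It is also worth auditing whether other specialised callers of `rb_ary_push`, or other C functions that can raise, still go through `jit_prepare_call_with_gc` — that cannot be verified from this hunk. The signature of `jit_rb_ary_push` begins before the hunk and its body continues after it.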