Simple script segfaults 1.8.6-p230

When I run the following 10-line ruby script on 1.8.6-p230
as shipped (built on 32-bit x86 Debian Etch, with configure
arguments at defaults), it pretty reliably segfaults. My
patch to get rails working (by reverting changeset 17222
on the ruby_1_8_6 branch) eliminates this problem as well,
so this *may* be the simplest demonstration of the problem
that's been killing Rails apps on this Ruby release.

The script:

obj = Object.new

class << obj
  def meth(x, y)
  end
end

10000.times do
  obj = obj.clone
end

···

--
Posted via http://www.ruby-forum.com/.
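The script above is the whole reproducer, but when triaging a report like this it helps to (a) run it under an arbitrary interpreter in a child process and classify the outcome by signal or exit status, and (b) confirm which copy path is being exercised: `clone` carries the singleton class (and so goes through `rb_singleton_class_clone`), while `dup` does not. The following is an added harness written for this page, not code from the poster or from the Ruby project; it assumes a Ruby with `open3` and `rbconfig` from the standard library and that the interpreter under test accepts a script on stdin via `ruby -`, as the thread's own invocations do.

```ruby
require "rbconfig"
require "open3"

# Rebuild the post's clone loop as source text so it can be fed to any
# interpreter on stdin; the iteration count is a parameter so a tester can
# raise it when a crash is only "pretty reliable".
def clone_loop_script(iterations)
  <<~RUBY
    obj = Object.new
    class << obj
      def meth(x, y)
      end
    end
    #{iterations}.times do
      obj = obj.clone
    end
  RUBY
end

# Run the reproducer under +ruby+ (default: the interpreter running this
# harness) and report how the child ended. A signal (SIGSEGV, SIGABRT from
# the [BUG] handler) is classified as :crashed; a clean exit as :ok; any
# other non-zero exit as :failed, with stderr kept for the malloc messages.
def probe_clone_loop(ruby = RbConfig.ruby, iterations: 10_000)
  _out, err, status = Open3.capture3(ruby, "-", stdin_data: clone_loop_script(iterations))
  if status.signaled?
    { result: :crashed, signal: Signal.signame(status.termsig), stderr: err }
  elsif status.success?
    { result: :ok, signal: nil, stderr: err }
  else
    { result: :failed, exitstatus: status.exitstatus, stderr: err }
  end
end

# In-process check of the semantics the crash path implements: after a
# chain of +depth+ copies made with +copy_method+ (:clone or :dup), does the
# singleton method still exist on the final object? :clone copies the
# singleton class at every step, :dup drops it at the first.
def singleton_chain(copy_method, depth)
  obj = Object.new
  def obj.meth(x, y)
    [x, y]
  end
  depth.times { obj = obj.public_send(copy_method) }
  obj.respond_to?(:meth)
end

if __FILE__ == $0
  # Usage: ruby harness.rb [/path/to/ruby-under-test] [iterations]
  interpreter = ARGV[0] || RbConfig.ruby
  iterations = (ARGV[1] || 10_000).to_i
  puts "clone keeps singleton method: #{singleton_chain(:clone, 100)}"
  puts "dup keeps singleton method:   #{singleton_chain(:dup, 1)}"
  puts "#{interpreter}: #{probe_clone_loop(interpreter, iterations: iterations).inspect}"
end
```

Point the first argument at a 1.8.6-p230/p232 build to see `:crashed` with `SEGV` or `ABRT` and the double-free text in `stderr`; a fixed interpreter returns `:ok`. The `singleton_chain` check is the reason the report says `clone` and not `dup`: only `clone` walks the singleton method table that the backtrace later in the thread shows being iterated when the collector runs.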

It seems that this has been fixed but not backported:

$ ruby18 -v -
ruby 1.8.7 (2008-06-25 revision 17572) [i686-darwin9.3.0]
obj = Object.new

class << obj
  def meth(x, y)
  end
end

10000.times do
  obj = obj.clone
end
$ echo $?
0

p232 crashes for me:

$ ./miniruby -v -
ruby 1.8.6 (2008-06-24 patchlevel 232) [i686-darwin9.3.0]
miniruby(83566) malloc: *** error for object 0x120a90: double free
*** set a breakpoint in malloc_error_break to debug
[...]
miniruby(83566) malloc: *** error for object 0x120a90: double free
*** set a breakpoint in malloc_error_break to debug
-:9: [BUG] Segmentation fault
ruby 1.8.6 (2008-06-24) [i686-darwin9.3.0]

Abort trap
$

Backtrace points to:

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0xc000000f
st_free_table (table=0x120c90) at st.c:211
211 next = ptr->next;
(gdb) bt
#0 st_free_table (table=0x120c90) at st.c:211
#1 0x000363ae in garbage_collect () at gc.c:1177
#2 0x00036695 in rb_newobj () at gc.c:384
#3 0x0005718c in rb_node_newnode (type=NODE_METHOD, a0=1182448, a1=1182448, a2=1182448) at parse.y:4520
#4 0x0000c01a in clone_method (mid=3221225475, body=0x20006c, data=0xbfffe248) at class.c:70
#5 0x00085b81 in st_foreach (table=0x176c40, func=0xbfe0 <clone_method>, arg=3221217864) at st.c:487
#6 0x0000cc63 in rb_singleton_class_clone (obj=<value temporarily unavailable, due to optimizations>) at class.c:160

On Jun 25, 2008, at 21:28 PM, Robert Thau wrote:

> When I run the following 10-line ruby script on 1.8.6-p230
> as shipped (built on 32-bit x86 Debian Etch, with configure
> arguments at defaults), it pretty reliably segfaults. My
> patch to get rails working (by reverting changeset 17222
> on the ruby_1_8_6 branch) eliminates this problem as well,
> so this *may* be the simplest demonstration of the problem
> that's been killing Rails apps on this Ruby release.