[GC] Fix an issue where a collection finalizer may actually put a fre…

…e pointer into the tbin being used. (#403)
snazzy-d · Nov 27, 2024 · 300ac03 · 300ac03
1 parent af95483
commit 300ac03
Showing 1 changed file with 11 additions and 4 deletions.
diff --git a/sdlib/d/gc/tcache.d b/sdlib/d/gc/tcache.d
@@ -390,7 +390,13 @@ private:
 		}
 
 		// We are about to allocate, make room for it if needed.
-		maybeRunGCCycle();
+		if (maybeRunGCCycle()) {
+			// The bin might have gained a pointer through a
+			// finalizer.
+			if (bin.allocate(ptr)) {
+				return ptr;
+			}
+		}
 
 		// The bin is empty, refill.
 		{
@@ -594,24 +600,25 @@ private:
 	/**
 	 * GC facilities
 	 */
-	void maybeRunGCCycle() {
+	bool maybeRunGCCycle() {
 		// If the GC is disabled or we have not reached the point
 		// at which we try to collect, move on.
 		if (!enableGC || allocated < nextGCRun) {
-			return;
+			return false;
 		}
 
 		// Do not run GC cycles when we are busy as another thread
 		// might be trying to run its own GC cycle and waiting on us.
 		if (state.busy) {
-			return;
+			return false;
 		}
 
 		import d.gc.collector;
 		auto collector = Collector(&this);
 		auto didRun = collector.maybeRunGCCycle();
 
 		nextGCRun = allocated + BlockSize;
+		return didRun;
 	}
 
 	/**