Handle mutating of array passed to Set.new during iteration

This avoids a heap-use-after-free. Fixes [Bug #21306]
author: Jeremy Evans <[email protected]> 2025-05-03 11:20:23 -0700
committer: Jeremy Evans <[email protected]> 2025-05-04 04:10:57 +0900
commit: 21035c826db5933cf836a4a12fb74b696a76b255 ()
tree: ca8261eab1c1330b466e0895808de3608342b281 /set.c
parent: be665cf855d7b35ce166ea1137d4f8d0cac1010b (diff)
1 files changed, 7 insertions, 12 deletions
@@ -494,18 +494,13 @@ set_i_initialize(int argc, VALUE *argv, VALUE set)
 if (argc > 0 && (other = argv[0]) != Qnil) {
 if (RB_TYPE_P(other, T_ARRAY)) {
- long len = RARRAY_LEN(other);
- if (RARRAY_LEN(other) != 0) {
- set_table *into = RSET_TABLE(set);
- VALUE key;
- int block_given = rb_block_given_p();
- RARRAY_PTR_USE(other, ptr, {
- for(; len > 0; len--, ptr++) {
- key = *ptr;
- if (block_given) key = rb_yield(key);
- set_table_insert_wb(into, set, key, NULL);
- }
- });
 }
 }
 else {
author	Jeremy Evans <[email protected]>	2025-05-03 11:20:23 -0700
committer	Jeremy Evans <[email protected]>	2025-05-04 04:10:57 +0900
commit	21035c826db5933cf836a4a12fb74b696a76b255 ()
tree	ca8261eab1c1330b466e0895808de3608342b281 /set.c
parent	be665cf855d7b35ce166ea1137d4f8d0cac1010b (diff)