Check for VM_ENV_DATA_INDEX_FLAGS in mid-escape

jhawthorn · AlexaCampusano · jhawthorn · commit 7a934a863afa · 2026-05-05T10:39:45.000-07:00
vm_make_env_each iterates over frames on the stack, escaping each one.
This can leave the stack in an inconsistent state.

If a sampling profiler calls rb_profile_frames from a signal handler, it
can observe the stack in this inconsistent state, so we need to check
for it.

Co-authored-by: Nery Campusano &lt;nery.campusano@shopify.com&gt;
diff --git a/vm_insnhelper.c b/vm_insnhelper.c
@@ -771,7 +771,12 @@ rb_vm_frame_method_entry(const rb_control_frame_t *cfp)
     const VALUE *ep = cfp->ep;
     rb_callable_method_entry_t *me;
 
-    while (!VM_ENV_LOCAL_P(ep)) {
+    for (;;) {
+        if (UNLIKELY(!FIXNUM_P(ep[VM_ENV_DATA_INDEX_FLAGS]))) {
+            // vm_make_env_each mid-escape: flags slot holds the env object.
+            ep = ((const rb_env_t *)ep[VM_ENV_DATA_INDEX_FLAGS])->ep;
+        }
+        if (VM_ENV_LOCAL_P(ep)) break;
         if ((me = check_method_entry(ep[VM_ENV_DATA_INDEX_ME_CREF], FALSE)) != NULL) return me;
         ep = VM_ENV_PREV_EP(ep);
     }
