From 77c5bb38d3127fffd837893f635da48314a044a0 Mon Sep 17 00:00:00 2001
From: Kaz Kylheku
Date: Wed, 22 Mar 2023 23:09:55 -0700
Subject: ffi: gc bugfix in ffi_type_struct.
I haven't reproduced a crash with this and --gc-debug doesn't do it, possibly due to the use of setcheck in the loop. But make_ffi_type_struct is doing something wrong: it's creating new compiled type objects in a loop and sticking them into the memb array, which is not visible to the garbage collector.
* ffi.c (make_ffi_type_struct): We move the initialization of ffi->memb to above the loop, so that the object points to the array. The loop is already setting ft->nelem to the correct value i + 1 on each iteration of the loop, thereby revealing each newly populated entry to the garbage collector.
---
ffi.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ffi.c b/ffi.c
index f293b59b..91704da7 100644
--- a/ffi.c
+++ b/ffi.c
@@ -3791,6 +3791,8 @@ static val make_ffi_type_struct(val syntax, val lisp_type,
 sethash(ffi_struct_tag_hash, cadr(syntax), obj);
+ tft->memb = memb;
+
 for (i = 0; i < nmemb; i++) {
 val slot_syntax = pop(&slot_exprs);
 val slot = car(slot_syntax);
@@ -3894,8 +3896,6 @@ static val make_ffi_type_struct(val syntax, val lisp_type,
 tft->by_value_in = 1;
 }
- tft->memb = memb;
-
 if (bit_offs > 0) {
 bug_unless (bit_offs < 8);
 offs++;
-- 
cgit v1.2.3
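Review bot: The new `tft->memb = memb;` in the first hunk only makes the array safe to trace if the element count field is still 0 at this point, and nothing in the hunk shows where that count is zeroed or that memb's unfilled slots are never scanned; since `obj` is already reachable through `ffi_struct_tag_hash` (the `sethash` on the line above), a collection between this assignment and the first loop iteration would trace however many entries the count claims. I'd pin the invariant the fix relies on with `bug_unless (tft->nelem == 0);` immediately before the assignment (the file already uses `bug_unless`, as the second hunk shows), plus a comment such as `/* publish memb now; the loop below bumps tft->nelem as each entry is filled, so the GC only sees populated slots */`. The commit message says the loop sets the count to i + 1 per iteration, but that code is outside the hunk, so this is inferred rather than seen. make_ffi_type_struct begins before and ends after both hunks.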