[PROF-11475] Add extra safety checks when getting line number in profiler

ivoanjo · ivoanjo · commit 1b1df1bf1666 · 2025-03-06T12:00:51.000Z
**What does this PR do?**

This PR adds a few extra checks when getting the line number during
stack trace gathering in the profiler.

We got one automated report of a crash in the `rb_iseq_line_no`
function, and we couldn't reproduce it, so this is the first attempt
at avoiding the issue -- let's see if we ever observe this crash again
or not.

**Motivation:**

Improve stability of the profiler.

**Additional Notes:**

See the internal PROF-11475 ticket for more details.

**How to test the change?**

Our existing test coverage already validates that stack trace gathering
works fine and matches the Ruby APIs. If this condition was not correct,
we'd get more lines set to 0, and our unit tests would fail. (I did some
quick manual testing to check this was the case -- and indeed it is).
diff --git a/ext/datadog_profiling_native_extension/private_vm_api_access.c b/ext/datadog_profiling_native_extension/private_vm_api_access.c
@@ -312,6 +312,7 @@ VALUE thread_name_for(VALUE thread) {
 // to support our custom rb_profile_frames (see below)
 // Modifications:
 // * Support int first_lineno for Ruby 3.2.0+ (https://github.com/ruby/ruby/pull/6430)
+// * Validate iseq and pos before calling `rb_iseq_line_no` as a safety measure (see comment below for details)
 //
 // `node_id` gets used depending on Ruby VM compilation settings (USE_ISEQ_NODE_ID being defined).
 // To avoid getting false "unused argument" warnings in setups where it's not used, we need to do this weird dance
@@ -358,6 +359,13 @@ calc_pos(const rb_iseq_t *iseq, const VALUE *pc, int *lineno, int *node_id)
             __builtin_trap();
         }
 #endif
+
+        // In PROF-11475 we spotted a crash when calling `rb_iseq_line_no` from this method. We couldn't reproduce or
+        // figure out the root cause, but "just in case", we're validating that the iseq looks valid and that the
+        // `n` used for the position is also sane, and if they don't look good, we don't calculate the line, rather
+        // than potentially trigger any issues.
+        if (RB_UNLIKELY(!RB_TYPE_P((VALUE) iseq, T_IMEMO) || n < 0 || n > ISEQ_BODY(iseq)->iseq_size)) return 0;
+
         if (lineno) *lineno = rb_iseq_line_no(iseq, pos);
 #ifdef USE_ISEQ_NODE_ID
         if (node_id) *node_id = rb_iseq_node_id(iseq, pos);
