scheduler: rewind CFP after EC_PUSH_TAG on non-local jumps

samuel-williams-shopify · cursoragent · samuel-williams-shopify · commit bcef70639ee6 · 2026-05-11T16:22:14.000+09:00
Both rb_fiber_scheduler_unblock and rb_fiber_scheduler_fiber_interrupt
used EC_PUSH_TAG but did not capture ec-&gt;cfp beforehand nor call
rb_vm_rewind_cfp in the non-TAG_NONE branch.  Without this, stale call
frames can remain on the stack after an exception or other non-local
jump, matching the structure rb_protect uses for the same pattern.

Co-authored-by: Cursor &lt;cursoragent@cursor.com&gt;
diff --git a/scheduler.c b/scheduler.c
@@ -680,10 +680,14 @@ rb_fiber_scheduler_unblock(VALUE scheduler, VALUE blocker, VALUE fiber)
     int saved_interrupt_mask = ec->interrupt_mask;
     ec->interrupt_mask |= PENDING_INTERRUPT_MASK;
 
+    rb_control_frame_t *volatile cfp = ec->cfp;
     EC_PUSH_TAG(ec);
     if ((state = EC_EXEC_TAG()) == TAG_NONE) {
         result = rb_funcall(scheduler, id_unblock, 2, blocker, fiber);
     }
+    else {
+        rb_vm_rewind_cfp(ec, cfp);
+    }
     EC_POP_TAG();
 
     ec->interrupt_mask = saved_interrupt_mask;
@@ -1145,10 +1149,14 @@ VALUE rb_fiber_scheduler_fiber_interrupt(VALUE scheduler, VALUE fiber, VALUE exc
     int saved_interrupt_mask = ec->interrupt_mask;
     ec->interrupt_mask |= PENDING_INTERRUPT_MASK;
 
+    rb_control_frame_t *volatile cfp = ec->cfp;
     EC_PUSH_TAG(ec);
     if ((state = EC_EXEC_TAG()) == TAG_NONE) {
         result = rb_check_funcall(scheduler, id_fiber_interrupt, 2, arguments);
     }
+    else {
+        rb_vm_rewind_cfp(ec, cfp);
+    }
     EC_POP_TAG();
 
     ec->interrupt_mask = saved_interrupt_mask;
