Bug #11566

closed

Segfault when enumerating from a bad constructor.

Added by 0x0dea (D.E. Akers) over 8 years ago. Updated over 8 years ago.

Status: Closed
Assignee: -
Target version: -
ruby -v: ruby 2.3.0dev (2015-10-04 trunk 52020) [x86_64-linux]
[ruby-core:<unknown>]

Description

Enumerator.new(&:foo).to_a

This should raise a NoMethodError as it does for older Rubies, but the recent modifications to the internals of Symbol#to_proc seem to have elided the CFP information necessary to realize the NME.

I've attached a core dump which ultimately blames the VM_EP_LEP_P() macro for dereferencing a null pointer.

#define VM_EP_LEP_P(ep)     VM_ENVVAL_BLOCK_PTR_P((ep)[0])

Aside from observing that the block must not have an "environment" where it expected to find one, I am regrettably unable to provide any further information as to the nature or mitigation of this issue.


Files

core (3.96 KB) core 0x0dea (D.E. Akers), 10/05/2015 01:55 AM
Actions #1

Updated by yui-knk (Kaneko Yuichiro) over 8 years ago

I found out that this regression is caused by 51995
(https://github.com/ruby/ruby/commit/c90550c251f0c598458d52dd2cbd5445e8d26c65)

(And the same type of segfault happens on Rails travis-ci, so I also tested segf_try.rb.)

# segf_try.rb
def arity_check(&block)
  block.arity == 0
end

p arity_check(&:reverse)

# segf_try2.rb
p Enumerator.new(&:foo).to_a

$ ruby -v
ruby 2.3.0dev (2015-10-01 trunk 51994) [x86_64-darwin14]
$ ruby segf_try.rb
false
$ ruby segf_try2.rb
segf_try2.rb:1:in `each': undefined method `foo' for #<Enumerator::Yielder:0x007fcd2b0041c8> (NoMethodError)
	from segf_try2.rb:1:in `each'
	from segf_try2.rb:1:in `to_a'
	from segf_try2.rb:1:in `<main>'
$ ruby -v
ruby 2.3.0dev (2015-10-01 trunk 51995) [x86_64-darwin14]
$ ruby segf_try.rb
segf_try.rb:2: [BUG] Segmentation fault at 0x00000000000018
ruby 2.3.0dev (2015-10-01 trunk 51995) [x86_64-darwin14]

-- Crash Report log information --------------------------------------------
   See Crash Report log file under the one of following:
     * ~/Library/Logs/CrashReporter
     * /Library/Logs/CrashReporter
     * ~/Library/Logs/DiagnosticReports
     * /Library/Logs/DiagnosticReports
   for more details.
Don't forget to include the above Crash Report log file in bug reports.

-- Control frame information -----------------------------------------------
c:0003 p:0009 s:0010 e:000008 METHOD segf_try.rb:2
c:0002 p:0024 s:0005 E:001180 EVAL   segf_try.rb:5 [FINISH]
c:0001 p:0000 s:0002 E:001600 (none) [FINISH]

-- Ruby level backtrace information ----------------------------------------
segf_try.rb:5:in `<main>'
segf_try.rb:2:in `arity_check'

-- Machine register context ------------------------------------------------
 rax: 0x0000000000000000 rbx: 0x0000000000004cb1 rcx: 0x00007ffa8a0eb200
 rdx: 0x00000000000004b1 rdi: 0x0000000000000000 rsi: 0x0000000000000084
 rbp: 0x00007fff5660d3a0 rsp: 0x00007fff5660d360  r8: 0x00000001099b5038
  r9: 0x0000000000000001 r10: 0x0000000109ab4f80 r11: 0x00007ffa89d187f8
 r12: 0x0000000000004cb1 r13: 0x0000000000000000 r14: 0x00007ffa89d13a40
 r15: 0x0000000000004cb1 rip: 0x000000010977fb40 rfl: 0x0000000000010206

-- C level backtrace information -------------------------------------------
0   libruby.2.3.0.dylib                 0x00000001097976d4 rb_vm_bugreport + 388
1   libruby.2.3.0.dylib                 0x000000010963cb19 rb_bug_context + 473
2   libruby.2.3.0.dylib                 0x0000000109710253 sigsegv + 83
3   libsystem_platform.dylib            0x00007fff868a5f1a _sigtramp + 26
4   libruby.2.3.0.dylib                 0x000000010977fb40 method_entry_get + 224
5   ???                                 0x00007fff5660d3b0 0x0 + 140734642574256

-- Other runtime information -----------------------------------------------

* Loaded script: segf_try.rb

* Loaded features:

    0 enumerator.so
    1 thread.rb
    2 rational.so
    3 complex.so
    4 /usr/local/lib/ruby/2.3.0/x86_64-darwin14/enc/encdb.bundle
    5 /usr/local/lib/ruby/2.3.0/x86_64-darwin14/enc/trans/transdb.bundle
    6 /usr/local/lib/ruby/2.3.0/unicode_normalize.rb
    7 /usr/local/lib/ruby/2.3.0/x86_64-darwin14/rbconfig.rb
    8 /usr/local/lib/ruby/2.3.0/rubygems/compatibility.rb
    9 /usr/local/lib/ruby/2.3.0/rubygems/defaults.rb
   10 /usr/local/lib/ruby/2.3.0/rubygems/deprecate.rb
   11 /usr/local/lib/ruby/2.3.0/rubygems/errors.rb
   12 /usr/local/lib/ruby/2.3.0/rubygems/version.rb
   13 /usr/local/lib/ruby/2.3.0/rubygems/requirement.rb
   14 /usr/local/lib/ruby/2.3.0/rubygems/platform.rb
   15 /usr/local/lib/ruby/2.3.0/rubygems/basic_specification.rb
   16 /usr/local/lib/ruby/2.3.0/rubygems/stub_specification.rb
   17 /usr/local/lib/ruby/2.3.0/rubygems/util/list.rb
   18 /usr/local/lib/ruby/2.3.0/x86_64-darwin14/stringio.bundle
   19 /usr/local/lib/ruby/2.3.0/rubygems/specification.rb
   20 /usr/local/lib/ruby/2.3.0/rubygems/exceptions.rb
   21 /usr/local/lib/ruby/2.3.0/rubygems/core_ext/kernel_gem.rb
   22 /usr/local/lib/ruby/2.3.0/monitor.rb
   23 /usr/local/lib/ruby/2.3.0/rubygems/core_ext/kernel_require.rb
   24 /usr/local/lib/ruby/2.3.0/rubygems.rb
   25 /usr/local/lib/ruby/2.3.0/rubygems/path_support.rb

[NOTE]
You may have encountered a bug in the Ruby interpreter or extension libraries.
Bug reports are welcome.
For details: http://www.ruby-lang.org/bugreport.html

Abort trap: 6
$ ruby segf_try2.rb
segf_try2.rb:1: [BUG] Segmentation fault at 0x00000000000000
ruby 2.3.0dev (2015-10-01 trunk 51995) [x86_64-darwin14]

-- Crash Report log information --------------------------------------------
   See Crash Report log file under the one of following:
     * ~/Library/Logs/CrashReporter
     * /Library/Logs/CrashReporter
     * ~/Library/Logs/DiagnosticReports
     * /Library/Logs/DiagnosticReports
   for more details.
Don't forget to include the above Crash Report log file in bug reports.

-- Control frame information -----------------------------------------------
c:0006 p:---- s:0014 e:000013 IFUNC
c:0005 p:---- s:0012 E:0012b0 CFUNC  :each
c:0004 p:---- s:0010 e:000009 CFUNC  :each
c:0003 p:---- s:0008 E:001240 CFUNC  :to_a
c:0002 p:0019 s:0005 E:001130 EVAL   segf_try2.rb:1 [FINISH]
c:0001 p:0000 s:0002 E:001940 (none) [FINISH]

-- Ruby level backtrace information ----------------------------------------
segf_try2.rb:1:in `<main>'
segf_try2.rb:1:in `to_a'
segf_try2.rb:1:in `each'
segf_try2.rb:1:in `each'

-- Machine register context ------------------------------------------------
 rax: 0x0000000000000000 rbx: 0x00007fec59c08030 rcx: 0x0000000000000002
 rdx: 0x00007fff52287a10 rdi: 0x000000010de37e80 rsi: 0x0000000000000003
 rbp: 0x00007fff52287990 rsp: 0x00007fff52287990  r8: 0x0000000000000000
  r9: 0x00007fec59c083d0 r10: 0x00007fec59d00000 r11: 0x000000000000000d
 r12: 0x00007fec5a8cc118 r13: 0x000000010dbb0090 r14: 0x00007fff52287a10
 r15: 0x0000000000000003 rip: 0x000000010daf6b54 rfl: 0x0000000000010246

-- C level backtrace information -------------------------------------------
0   libruby.2.3.0.dylib                 0x000000010db1a6d4 rb_vm_bugreport + 388
1   libruby.2.3.0.dylib                 0x000000010d9bfb19 rb_bug_context + 473
2   libruby.2.3.0.dylib                 0x000000010da93253 sigsegv + 83
3   libsystem_platform.dylib            0x00007fff868a5f1a _sigtramp + 26
4   libruby.2.3.0.dylib                 0x000000010daf6b54 rb_vm_control_frame_block_ptr + 20
5   ???                                 0x00007fff522879c0 0x0 + 140734571772352

-- Other runtime information -----------------------------------------------

* Loaded script: segf_try2.rb

* Loaded features:

    0 enumerator.so
    1 thread.rb
    2 rational.so
    3 complex.so
    4 /usr/local/lib/ruby/2.3.0/x86_64-darwin14/enc/encdb.bundle
    5 /usr/local/lib/ruby/2.3.0/x86_64-darwin14/enc/trans/transdb.bundle
    6 /usr/local/lib/ruby/2.3.0/unicode_normalize.rb
    7 /usr/local/lib/ruby/2.3.0/x86_64-darwin14/rbconfig.rb
    8 /usr/local/lib/ruby/2.3.0/rubygems/compatibility.rb
    9 /usr/local/lib/ruby/2.3.0/rubygems/defaults.rb
   10 /usr/local/lib/ruby/2.3.0/rubygems/deprecate.rb
   11 /usr/local/lib/ruby/2.3.0/rubygems/errors.rb
   12 /usr/local/lib/ruby/2.3.0/rubygems/version.rb
   13 /usr/local/lib/ruby/2.3.0/rubygems/requirement.rb
   14 /usr/local/lib/ruby/2.3.0/rubygems/platform.rb
   15 /usr/local/lib/ruby/2.3.0/rubygems/basic_specification.rb
   16 /usr/local/lib/ruby/2.3.0/rubygems/stub_specification.rb
   17 /usr/local/lib/ruby/2.3.0/rubygems/util/list.rb
   18 /usr/local/lib/ruby/2.3.0/x86_64-darwin14/stringio.bundle
   19 /usr/local/lib/ruby/2.3.0/rubygems/specification.rb
   20 /usr/local/lib/ruby/2.3.0/rubygems/exceptions.rb
   21 /usr/local/lib/ruby/2.3.0/rubygems/core_ext/kernel_gem.rb
   22 /usr/local/lib/ruby/2.3.0/monitor.rb
   23 /usr/local/lib/ruby/2.3.0/rubygems/core_ext/kernel_require.rb
   24 /usr/local/lib/ruby/2.3.0/rubygems.rb
   25 /usr/local/lib/ruby/2.3.0/rubygems/path_support.rb

[NOTE]
You may have encountered a bug in the Ruby interpreter or extension libraries.
Bug reports are welcome.
For details: http://www.ruby-lang.org/bugreport.html

Abort trap: 6
Actions #2

Updated by nobu (Nobuyoshi Nakada) over 8 years ago

  • Status changed from Open to Closed

Applied in changeset r52036.


proc.c: set ep properly

Actions #3

Updated by nobu (Nobuyoshi Nakada) over 8 years ago

  • Backport changed from 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN to 2.0.0: DONTNEED, 2.1: DONTNEED, 2.2: DONTNEED
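
An added example, not part of the original report or of Ruby's own test suite: the two reproducers from this thread wrapped in a crash-safe regression check. Each snippet runs in a child interpreter, so a segfault is recorded as :crash instead of taking down the runner; the names REPRODUCERS, run_isolated and regressions are assumptions made for this sketch.

```ruby
require "open3"
require "rbconfig"

# Reproducers quoted in this report, each paired with the outcome shown for
# the last good revision (trunk 51994) in the thread above.
REPRODUCERS = [
  { name: "segf_try.rb",
    code: "def arity_check(&block)\n  block.arity == 0\nend\np arity_check(&:reverse)\n",
    kind: :ok, stdout: "false" },
  { name: "segf_try2.rb",
    code: "p Enumerator.new(&:foo).to_a\n",
    kind: :exception, stderr: "NoMethodError" }
].freeze

# Run a snippet in a child interpreter so that a VM crash kills the child,
# not the test runner, and classify how the child ended.
def run_isolated(code)
  stdout, stderr, status = Open3.capture3(RbConfig.ruby, "-e", code)
  kind = if status.signaled? || stderr.include?("[BUG]")
           :crash       # killed by a signal, or the VM printed its bug report
         elsif status.success?
           :ok
         else
           :exception   # ordinary uncaught Ruby exception, non-zero exit
         end
  { kind: kind, stdout: stdout.strip, stderr: stderr }
end

# Names of the reproducers whose outcome differs from the expectation.
def regressions(cases = REPRODUCERS)
  cases.reject do |c|
    r = run_isolated(c[:code])
    r[:kind] == c[:kind] &&
      (c[:stdout].nil? || r[:stdout] == c[:stdout]) &&
      (c[:stderr].nil? || r[:stderr].include?(c[:stderr]))
  end.map { |c| c[:name] }
end

if __FILE__ == $PROGRAM_NAME
  failed = regressions
  puts failed.empty? ? "no regression" : "regressed: #{failed.join(', ')}"
end
```

On an interpreter with the regression, both cases would be reported, because the child ends with a [BUG] report instead of the expected output.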