Bug #20239: Segmentation fault when using Regex on a large String - Ruby master - Ruby Issue Tracking System

Actions

Bug #20239

closed

Segmentation fault when using Regex on a large String

Added by martinsp (Martins Polakovs) 3 months ago. Updated 3 months ago.

Status:

Closed

Assignee:

-

Target version:

-

ruby -v:

ruby 3.3.0 (2023-12-25 revision 5124f9ac75) [aarch64-linux]

Backport:

3.0: UNKNOWN, 3.1: UNKNOWN, 3.2: UNKNOWN, 3.3: UNKNOWN

[ruby-core:116597]

Description

Since v3.2.0 ruby crashes with segmentation fault on the following script with a [BUG] Segmentation fault at ...

require "rbconfig/sizeof"
("\u{0101}" + "a" * RbConfig::LIMITS["INT_MAX"] + "b").match(/b/)

Crash can be reproduced on the following ruby versions:

ruby 3.2.0 (2022-12-25 revision a528908271) [aarch64-linux]
ruby 3.2.3 (2024-01-18 revision 52bb2ac0a6) [aarch64-linux]
ruby 3.3.0 (2023-12-25 revision 5124f9ac75) [aarch64-linux]

ruby 3.1.4p223 (2023-03-30 revision 957bb7cb81) [aarch64-linux] works as expected

It seems that call to enclen inside str_lower_case_match returns negative offset in this case https://bugs.ruby-lang.org/projects/ruby-master/repository/git/revisions/v3_3_0/entry/regexec.c#L4180

Actions

#1

Updated by nobu (Nobuyoshi Nakada) 3 months ago

Status changed from Open to Closed

Applied in changeset git|75aaeb35b82da26359b9418d2963384d0c55839c.

[Bug #20239] Fix overflow at down-casting

Actions

Also available in: Atom PDF

Like0

Like0