Bug #10568

closed

segmentation fault after pack & ioctl & unpack

Added by bkutil (Balazs Kutil) over 9 years ago. Updated almost 9 years ago.

Status:
Closed
Target version:
-
[ruby-core:66688]

Description

This snippet produces a segmentation fault on rubies on ruby_2_1 branch from git commit [1]
onwards and ruby_2_0_0 branch from commit [2] onwards. I was unable to reproduce the issue
on the current trunk [3]:

require 'socket'
SIOCETHTOOL = 0x8946
i = ["lo", "\n"].pack("a16p")
s = Socket.new(Socket::AF_INET, Socket::SOCK_DGRAM, 0)
s.ioctl(SIOCETHTOOL, i)
i.unpack("a16p")[1]

This patch [4] fixes the issue for both 2_1 and 2_0_0 branches, although the test case it contains
does not produce a segfault (only raises an ArgumentError) on affected revisions.

[1] 659fd08f
[2] c41f74cf
[3] bc0f1312
[4] 4b146b25


Files

ruby-2.1-rb-str-associated.patch (2.5 KB), bkutil (Balazs Kutil), 12/17/2014 04:26 PM
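
Added illustration, not part of the report or of the attached patch: on current CRuby, String#unpack refuses to follow a "p" pointer that it cannot match to a string recorded by pack, and raises ArgumentError instead of dereferencing it. The helper names are hypothetical, and the in-place byte change only stands in for a buffer that was rewritten outside Ruby; no socket or root is needed.

```ruby
# Added example; assumes current CRuby behaviour for the "p" directive.
NAME_LEN = 16

# Build the buffer used in the report: 16-byte name + native pointer to payload.
def build_request(name, payload)
  [name, payload].pack("a#{NAME_LEN}p")
end

# Read the pointer field back; return the payload, or the reason for refusal.
def read_pointer(buf)
  buf.unpack("a#{NAME_LEN}p")[1]
rescue ArgumentError => e
  "refused: #{e.message}"
end

def demo
  payload = "\n" # kept referenced so the pointed-to string stays alive
  original = build_request("lo", payload)

  # Same bytes in a fresh String: it carries no record of `payload`.
  copied = original.bytes.pack("C*")

  # Same kind of object, but one byte of the pointer field is altered in place,
  # so the address no longer matches the string recorded at pack time.
  altered = build_request("lo", payload)
  altered.setbyte(NAME_LEN, altered.getbyte(NAME_LEN) ^ 0x01)

  {
    original: read_pointer(original),
    copied: read_pointer(copied),
    altered: read_pointer(altered),
  }
end

demo.each { |label, result| puts "#{label}: #{result.inspect}" } if $PROGRAM_NAME == __FILE__
```

Only the untouched buffer yields the payload; the other two are rejected before any pointer is followed.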

Updated by bkutil (Balazs Kutil) over 9 years ago

Sorry, forgot to explicitly mention that this is running on Linux and that sudo is required to run the snippet (because of the ioctl).

Updated by bkutil (Balazs Kutil) over 9 years ago

Attached is a patch, based on 4b146b25, which omits the deprecations in String API.

Updated by tenderlovemaking (Aaron Patterson) over 9 years ago

  • Tracker changed from Bug to Backport
  • Project changed from Ruby master to Backport21

Updated by nagachika (Tomoyuki Chikanaga) about 9 years ago

  • Tracker changed from Backport to Bug
  • Project changed from Backport21 to Ruby master
  • Status changed from Open to Closed
  • Assignee changed from ko1 (Koichi Sasada) to nobu (Nobuyoshi Nakada)
  • ruby -v set to -
  • Backport set to 2.0.0: REQUIRED, 2.1: REQUIRED, 2.2: DONTNEED

Hello Balazs.

Thank you for your precise report and a patch.

I've found that r44803 and r44804 seem to be related changesets.

I'll move this ticket to ruby-trunk again and fill Backport field because this should be backported into ruby_2_0_0 too.

Updated by usa (Usaku NAKAMURA) about 9 years ago

  • Backport changed from 2.0.0: REQUIRED, 2.1: REQUIRED, 2.2: DONTNEED to 2.0.0: DONE, 2.1: REQUIRED, 2.2: DONTNEED

ruby_2_0_0 r49447 merged revision(s) 48803.
r44803 was already backported to ruby_2_0_0, and now a part of r44804 has been backported. (to keep compatibility, deprecated stuff is omitted.)

Updated by nagachika (Tomoyuki Chikanaga) about 9 years ago

  • Backport changed from 2.0.0: DONE, 2.1: REQUIRED, 2.2: DONTNEED to 2.0.0: DONE, 2.1: DONE, 2.2: DONTNEED

r44803 was already backported in ruby_2_1 branch at r44819 for #9478.

Updated by terceiro (Antonio Terceiro) almost 9 years ago

I can still reproduce the segfault with the current ruby_2_1 branch, so I would say backporting the patch mentioned by the OP is still needed:

$ ruby -v
ruby 2.1.5p329 (2015-03-31) [x86_64-linux-gnu]
$ cat /tmp/test.rb 
require 'socket'
SIOCETHTOOL = 0x8946
i = ["lo", "\n"].pack("a16p")
s = Socket.new(Socket::AF_INET, Socket::SOCK_DGRAM, 0)
s.ioctl(SIOCETHTOOL, i)
i.unpack("a16p")[1]
$ sudo ruby /tmp/test.rb 
/tmp/test.rb:6: [BUG] Segmentation fault at 0x00000000000101
ruby 2.1.5p329 (2015-03-31) [x86_64-linux-gnu]

-- Control frame information -----------------------------------------------
c:0003 p:---- s:0010 e:000009 CFUNC  :unpack
c:0002 p:0086 s:0006 E:000af8 EVAL   /tmp/test.rb:6 [FINISH]
c:0001 p:0000 s:0002 E:000c18 TOP    [FINISH]

-- Ruby level backtrace information ----------------------------------------
/tmp/test.rb:6:in `<main>'
/tmp/test.rb:6:in `unpack'

-- C level backtrace information -------------------------------------------
/usr/lib/x86_64-linux-gnu/libruby-2.1.so.2.1(+0x18aa57) [0x7f437568ca57]
/usr/lib/x86_64-linux-gnu/libruby-2.1.so.2.1(+0x18ab23) [0x7f437568cb23]
/usr/lib/x86_64-linux-gnu/libruby-2.1.so.2.1(+0x6d583) [0x7f437556f583] putchar.c:28
/usr/lib/x86_64-linux-gnu/libruby-2.1.so.2.1(rb_bug+0xb3) [0x7f437556fbf3] swscanf.c:26
/usr/lib/x86_64-linux-gnu/libruby-2.1.so.2.1(+0x121093) [0x7f4375623093] ../sysdeps/x86_64/multiarch/strcmp-sse42.S:1000
/lib/x86_64-linux-gnu/libpthread.so.0(+0xf8d0) [0x7f43752f48d0] ../nptl/sysdeps/pthread/funlockfile.c:29
/usr/lib/x86_64-linux-gnu/libruby-2.1.so.2.1(+0xc3036) [0x7f43755c5036] regex_internal.c:1187
/usr/lib/x86_64-linux-gnu/libruby-2.1.so.2.1(+0x174fe6) [0x7f4375676fe6]
/usr/lib/x86_64-linux-gnu/libruby-2.1.so.2.1(+0x18549d) [0x7f437568749d]
/usr/lib/x86_64-linux-gnu/libruby-2.1.so.2.1(+0x17db63) [0x7f437567fb63]
/usr/lib/x86_64-linux-gnu/libruby-2.1.so.2.1(+0x1833dd) [0x7f43756853dd]
/usr/lib/x86_64-linux-gnu/libruby-2.1.so.2.1(rb_iseq_eval_main+0x7f) [0x7f43756871bf]
/usr/lib/x86_64-linux-gnu/libruby-2.1.so.2.1(+0x70c5f) [0x7f4375572c5f] iofwide.c:120
/usr/lib/x86_64-linux-gnu/libruby-2.1.so.2.1(ruby_exec_node+0x1d) [0x7f437557462d] obprintf.c:137
/usr/lib/x86_64-linux-gnu/libruby-2.1.so.2.1(ruby_run_node+0x1e) [0x7f437557634e] fileops.c:767
ruby() [0x4008ab]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5) [0x7f437459eb45] libc-start.c:287
ruby() [0x4008d9]

-- Other runtime information -----------------------------------------------

* Loaded script: /tmp/test.rb

* Loaded features:

    0 enumerator.so
    1 /usr/lib/x86_64-linux-gnu/ruby/2.1.0/enc/encdb.so
    2 /usr/lib/x86_64-linux-gnu/ruby/2.1.0/enc/trans/transdb.so
    3 /usr/lib/x86_64-linux-gnu/ruby/2.1.0/rbconfig.rb
    4 /usr/lib/ruby/2.1.0/rubygems/compatibility.rb
    5 /usr/lib/ruby/2.1.0/rubygems/defaults.rb
    6 /usr/lib/ruby/2.1.0/rubygems/deprecate.rb
    7 /usr/lib/ruby/2.1.0/rubygems/errors.rb
    8 /usr/lib/ruby/2.1.0/rubygems/version.rb
    9 /usr/lib/ruby/2.1.0/rubygems/requirement.rb
   10 /usr/lib/ruby/2.1.0/rubygems/platform.rb
   11 /usr/lib/ruby/2.1.0/rubygems/basic_specification.rb
   12 /usr/lib/ruby/2.1.0/rubygems/stub_specification.rb
   13 /usr/lib/ruby/2.1.0/rubygems/util/stringio.rb
   14 /usr/lib/ruby/2.1.0/rubygems/specification.rb
   15 /usr/lib/ruby/2.1.0/rubygems/exceptions.rb
   16 /usr/lib/ruby/vendor_ruby/rubygems/defaults/operating_system.rb
   17 /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_gem.rb
   18 thread.rb
   19 /usr/lib/x86_64-linux-gnu/ruby/2.1.0/thread.so
   20 /usr/lib/ruby/2.1.0/monitor.rb
   21 /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb
   22 /usr/lib/ruby/2.1.0/rubygems.rb
   23 /usr/lib/x86_64-linux-gnu/ruby/2.1.0/socket.so
   24 /usr/lib/ruby/2.1.0/socket.rb

* Process memory map:



[NOTE]
You may have encountered a bug in the Ruby interpreter or extension libraries.
Bug reports are welcome.
For details: http://www.ruby-lang.org/bugreport.html