Bug #10568
Closed
segmentation fault after pack & ioctl & unpack
Description
This snippet produces a segmentation fault on rubies on ruby_2_1 branch from git commit [1]
onwards and ruby_2_0_0 branch from commit [2] onwards. I was unable to reproduce the issue
on the current trunk [3]:
require 'socket'
SIOCETHTOOL = 0x8946
i = ["lo", "\n"].pack("a16p")
s = Socket.new(Socket::AF_INET, Socket::SOCK_DGRAM, 0)
s.ioctl(SIOCETHTOOL, i)
i.unpack("a16p")[1]
This patch [4] fixes the issue for both 2_1 and 2_0_0 branches, although the test case it contains
does not produce a segfault (only raises an ArgumentError) on affected revisions.
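The `a16p` round-trip from the snippet can be examined without a socket or root. This is an added example, not code from the ticket or the Ruby project: it overwrites the pointer field with a constructed value, standing in for a buffer changed outside of `pack`, and shows `unpack("p")` refusing the pointer with ArgumentError rather than dereferencing it. The helper names and the value 0x101 are assumptions, and the `J` directive needs Ruby 2.3 or later.

```ruby
# Added illustration; helper names are hypothetical, values are constructed.

NAME_LEN = 16 # width of the "a16" field in the report's snippet

# Same layout as the report: 16-byte NUL-padded name, then a native pointer
# to `payload`. Ruby records `payload` as an object associated with the result.
def build_request(name, payload)
  [name, payload].pack("a16p")
end

# Overwrite the pointer field in place with an arbitrary integer, the way a
# writer outside Ruby could. 0x101 is a constructed, invalid address.
def clobber_pointer(buf, fake_addr = 0x101)
  [fake_addr].pack("J").bytes.each_with_index do |byte, k|
    buf.setbyte(NAME_LEN + k, byte)
  end
  buf
end

# Copy the raw bytes into a fresh string. The pointer bytes survive, but the
# copy was not produced by pack("p"), so it carries no associated objects.
def detach(buf)
  buf.bytes.pack("C*")
end

# unpack("p") only follows a pointer that matches an associated object;
# return the exception instead of raising so callers can inspect it.
def safe_unpack(buf)
  buf.unpack("a16p")
rescue ArgumentError => e
  e
end

if $PROGRAM_NAME == __FILE__
  req = build_request("lo", "\n")
  p safe_unpack(req)                  # intact buffer: pointer is followed
  p safe_unpack(detach(req))          # same bytes, no association
  p safe_unpack(clobber_pointer(req)) # association present, pointer changed
end
```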
Updated by bkutil (Balazs Kutil) almost 10 years ago
Sorry, forgot to explicitly mention that this is running on Linux and that sudo is required to run the snippet (because of the ioctl).
Updated by bkutil (Balazs Kutil) almost 10 years ago
Attached is a patch, based on 4b146b25, which omits the deprecations in String API.
Updated by tenderlovemaking (Aaron Patterson) almost 10 years ago
- Tracker changed from Bug to Backport
- Project changed from Ruby master to Backport21
Updated by nagachika (Tomoyuki Chikanaga) almost 10 years ago
- Tracker changed from Backport to Bug
- Project changed from Backport21 to Ruby master
- Status changed from Open to Closed
- Assignee changed from ko1 (Koichi Sasada) to nobu (Nobuyoshi Nakada)
- ruby -v set to -
- Backport set to 2.0.0: REQUIRED, 2.1: REQUIRED, 2.2: DONTNEED
Hello Balazs.
Thank you for your precise report and a patch.
I've found that r44803 and r44804 seem to be related changesets.
I'll move this ticket to ruby-trunk again and fill Backport field because this should be backported into ruby_2_0_0 too.
Updated by usa (Usaku NAKAMURA) almost 10 years ago
- Backport changed from 2.0.0: REQUIRED, 2.1: REQUIRED, 2.2: DONTNEED to 2.0.0: DONE, 2.1: REQUIRED, 2.2: DONTNEED
ruby_2_0_0 r49447 merged revision(s) 48803.
r44803 was already backported to ruby_2_0_0, and now a part of r44804 has been backported. (to keep compatibility, deprecated stuff is omitted.)
Updated by nagachika (Tomoyuki Chikanaga) over 9 years ago
- Backport changed from 2.0.0: DONE, 2.1: REQUIRED, 2.2: DONTNEED to 2.0.0: DONE, 2.1: DONE, 2.2: DONTNEED
r44803 was already backported in ruby_2_1 branch at r44819 for #9478.
Updated by terceiro (Antonio Terceiro) over 9 years ago
I can still reproduce the segfault with the current ruby_2_1 branch, so I would say backporting the patch mentioned by the OP is still needed:
$ ruby -v
ruby 2.1.5p329 (2015-03-31) [x86_64-linux-gnu]
$ cat /tmp/test.rb
require 'socket'
SIOCETHTOOL = 0x8946
i = ["lo", "\n"].pack("a16p")
s = Socket.new(Socket::AF_INET, Socket::SOCK_DGRAM, 0)
s.ioctl(SIOCETHTOOL, i)
i.unpack("a16p")[1]
$ sudo ruby /tmp/test.rb
/tmp/test.rb:6: [BUG] Segmentation fault at 0x00000000000101
ruby 2.1.5p329 (2015-03-31) [x86_64-linux-gnu]
-- Control frame information -----------------------------------------------
c:0003 p:---- s:0010 e:000009 CFUNC :unpack
c:0002 p:0086 s:0006 E:000af8 EVAL /tmp/test.rb:6 [FINISH]
c:0001 p:0000 s:0002 E:000c18 TOP [FINISH]
-- Ruby level backtrace information ----------------------------------------
/tmp/test.rb:6:in `<main>'
/tmp/test.rb:6:in `unpack'
-- C level backtrace information -------------------------------------------
/usr/lib/x86_64-linux-gnu/libruby-2.1.so.2.1(+0x18aa57) [0x7f437568ca57]
/usr/lib/x86_64-linux-gnu/libruby-2.1.so.2.1(+0x18ab23) [0x7f437568cb23]
/usr/lib/x86_64-linux-gnu/libruby-2.1.so.2.1(+0x6d583) [0x7f437556f583] putchar.c:28
/usr/lib/x86_64-linux-gnu/libruby-2.1.so.2.1(rb_bug+0xb3) [0x7f437556fbf3] swscanf.c:26
/usr/lib/x86_64-linux-gnu/libruby-2.1.so.2.1(+0x121093) [0x7f4375623093] ../sysdeps/x86_64/multiarch/strcmp-sse42.S:1000
/lib/x86_64-linux-gnu/libpthread.so.0(+0xf8d0) [0x7f43752f48d0] ../nptl/sysdeps/pthread/funlockfile.c:29
/usr/lib/x86_64-linux-gnu/libruby-2.1.so.2.1(+0xc3036) [0x7f43755c5036] regex_internal.c:1187
/usr/lib/x86_64-linux-gnu/libruby-2.1.so.2.1(+0x174fe6) [0x7f4375676fe6]
/usr/lib/x86_64-linux-gnu/libruby-2.1.so.2.1(+0x18549d) [0x7f437568749d]
/usr/lib/x86_64-linux-gnu/libruby-2.1.so.2.1(+0x17db63) [0x7f437567fb63]
/usr/lib/x86_64-linux-gnu/libruby-2.1.so.2.1(+0x1833dd) [0x7f43756853dd]
/usr/lib/x86_64-linux-gnu/libruby-2.1.so.2.1(rb_iseq_eval_main+0x7f) [0x7f43756871bf]
/usr/lib/x86_64-linux-gnu/libruby-2.1.so.2.1(+0x70c5f) [0x7f4375572c5f] iofwide.c:120
/usr/lib/x86_64-linux-gnu/libruby-2.1.so.2.1(ruby_exec_node+0x1d) [0x7f437557462d] obprintf.c:137
/usr/lib/x86_64-linux-gnu/libruby-2.1.so.2.1(ruby_run_node+0x1e) [0x7f437557634e] fileops.c:767
ruby() [0x4008ab]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5) [0x7f437459eb45] libc-start.c:287
ruby() [0x4008d9]
-- Other runtime information -----------------------------------------------
* Loaded script: /tmp/test.rb
* Loaded features:
0 enumerator.so
1 /usr/lib/x86_64-linux-gnu/ruby/2.1.0/enc/encdb.so
2 /usr/lib/x86_64-linux-gnu/ruby/2.1.0/enc/trans/transdb.so
3 /usr/lib/x86_64-linux-gnu/ruby/2.1.0/rbconfig.rb
4 /usr/lib/ruby/2.1.0/rubygems/compatibility.rb
5 /usr/lib/ruby/2.1.0/rubygems/defaults.rb
6 /usr/lib/ruby/2.1.0/rubygems/deprecate.rb
7 /usr/lib/ruby/2.1.0/rubygems/errors.rb
8 /usr/lib/ruby/2.1.0/rubygems/version.rb
9 /usr/lib/ruby/2.1.0/rubygems/requirement.rb
10 /usr/lib/ruby/2.1.0/rubygems/platform.rb
11 /usr/lib/ruby/2.1.0/rubygems/basic_specification.rb
12 /usr/lib/ruby/2.1.0/rubygems/stub_specification.rb
13 /usr/lib/ruby/2.1.0/rubygems/util/stringio.rb
14 /usr/lib/ruby/2.1.0/rubygems/specification.rb
15 /usr/lib/ruby/2.1.0/rubygems/exceptions.rb
16 /usr/lib/ruby/vendor_ruby/rubygems/defaults/operating_system.rb
17 /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_gem.rb
18 thread.rb
19 /usr/lib/x86_64-linux-gnu/ruby/2.1.0/thread.so
20 /usr/lib/ruby/2.1.0/monitor.rb
21 /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb
22 /usr/lib/ruby/2.1.0/rubygems.rb
23 /usr/lib/x86_64-linux-gnu/ruby/2.1.0/socket.so
24 /usr/lib/ruby/2.1.0/socket.rb
* Process memory map:
[NOTE]
You may have encountered a bug in the Ruby interpreter or extension libraries.
Bug reports are welcome.
For details: http://www.ruby-lang.org/bugreport.html