Bug #1100

closed

parsing bad YAML crashes interpreter

Added by bitsweat (Jeremy Daer) about 12 years ago. Updated almost 10 years ago.

Status: Closed
Priority: Normal
Assignee: -
Target version:
ruby -v: ruby 1.9.1p5000 (2009-02-02 trunk 21932) [i386-darwin9.6.0]
Backport:
[ruby-core:21807]

Description

=begin
$ ruby18 -ryaml -e 'YAML.load("{: 1}")'
/usr/local/ruby/1.8.7-gc/lib/ruby/1.8/yaml.rb:133:in `load': syntax error on line 0, col 2: `{: 1}' (ArgumentError)
from /usr/local/ruby/1.8.7-gc/lib/ruby/1.8/yaml.rb:133:in `load'
from -e:1

$ ruby19 -ryaml -e 'YAML.load("{: 1}")'
/usr/local/ruby/1.9-trunk/lib/ruby/1.9.1/yaml.rb:133: [BUG] Bus Error
ruby 1.9.1p5000 (2009-02-02 trunk 21932) [i386-darwin9.6.0]

-- control frame ----------
c:0005 p:---- s:0015 b:0015 l:000014 d:000014 CFUNC :load
c:0004 p:0019 s:0011 b:0011 l:000010 d:000010 METHOD /usr/local/ruby/1.9-trunk/lib/ruby/1.9.1/yaml.rb:133
c:0003 p:0017 s:0006 b:0006 l:0003b8 d:001c28 EVAL -e:1
c:0002 p:---- s:0004 b:0004 l:000003 d:000003 FINISH
c:0001 p:0000 s:0002 b:0002 l:0003b8 d:0003b8 TOP :16


-e:1:in `<main>'
/usr/local/ruby/1.9-trunk/lib/ruby/1.9.1/yaml.rb:133:in `load'
/usr/local/ruby/1.9-trunk/lib/ruby/1.9.1/yaml.rb:133:in `load'

-- C level backtrace information -------------------------------------------
0x1527ca 0 ruby 0x001527ca rb_vm_bugreport + 189
0x35620 1 ruby 0x00035620 rb_compile_warn + 461
0x356a8 2 ruby 0x000356a8 rb_bug + 39
0xe17a1 3 ruby 0x000e17a1 rb_enable_interrupt + 69
0x911c52bb 4 libSystem.B.dylib 0x911c52bb _sigtramp + 43
0xffffffff 5 ??? 0xffffffff 0x0 + 4294967295
0xe83aa 6 ruby 0x000e83aa rb_enc_vsprintf + 113
0xe8419 7 ruby 0x000e8419 rb_vsprintf + 32
0x35eb9 8 ruby 0x00035eb9 rb_raise + 35
0x44a973 9 syck.bundle 0x0044a973 rb_syck_bad_anchor_handler + 0
0x451952 10 syck.bundle 0x00451952 syckerror + 50
0x4462e5 11 syck.bundle 0x004462e5 syckparse + 2650
0x451607 12 syck.bundle 0x00451607 syck_parse + 176
0x44af3b 13 syck.bundle 0x0044af3b syck_parser_load + 264
0x13834f 14 ruby 0x0013834f rb_iseq_build_for_ruby2cext + 1143
0x149a69 15 ruby 0x00149a69 rb_call_super + 2595
0x13dcfc 16 ruby 0x0013dcfc rb_method_basic_definition_p + 6544
0x14690e 17 ruby 0x0014690e rb_method_basic_definition_p + 42402
0x146c53 18 ruby 0x00146c53 rb_iseq_eval_main + 462
0x36be2 19 ruby 0x00036be2 ruby_exec_node + 147
0x39188 20 ruby 0x00039188 ruby_run_node + 70
0x1dc1 21 ruby 0x00001dc1 main + 95
0x1d36 22 ruby 0x00001d36 start + 54

[NOTE]
You may encounter a bug of Ruby interpreter. Bug reports are welcome.
For details: http://www.ruby-lang.org/bugreport.html

Abort trap
=end

Actions #1

Updated by znz (Kazuhiro NISHIYAMA) about 12 years ago

=begin
PRIdPTRDIFF may be defined with the length modifier 't' in include/ruby/ruby.h,
but missing/vsnprintf.c does not support the length modifier 't'.

% cat bug1100.c
#include <ruby.h>

void
Init_bug1100(void)
{
    char str[10] = "";
    char *p = str + 4;
    rb_raise(rb_eStandardError, "bug#1100 %"PRIdPTRDIFF"", p - str);
}
% ruby-trunk -r mkmf -e 'create_makefile("bug1100")'
creating Makefile
% ruby-trunk -r bug1100 -e 0
ruby-trunk:0:in `require': bug#1100 td (StandardError)
%

This example should be "bug#1100 4" instead of "bug#1100 td".
=end
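
The mismatch described in the comment above, as an added example (not code from the Ruby source or from the commenter): a toy formatter run with and without support for the 't' length modifier. The names `mini_format`, `page_case` and `followup_case` are hypothetical, and the second format string, with a `%s` after `%td`, is an assumption made to show how an unconsumed argument shifts every later conversion; tagged arguments replace varargs so the mismatch is reported rather than misread.

```c
#include <stdio.h>
#include <string.h>

/* Tagged arguments stand in for varargs so a type mismatch is reported
 * instead of misreading memory, as real variadic code would. */
enum kind { K_INT, K_PTRDIFF, K_STR };
struct arg { enum kind kind; long long num; const char *str; };

/* Toy formatter (hypothetical): %d, %s and, if support_t is set, %td.
 * Returns the number of arguments consumed, or -1 on a type mismatch. */
static int mini_format(char *out, size_t cap, int support_t,
                       const char *fmt, const struct arg *args, int nargs)
{
    size_t n = 0;
    int used = 0;
    out[0] = '\0';
    for (const char *p = fmt; *p && n + 1 < cap; p++) {
        enum kind want;
        if (*p != '%') { out[n++] = *p; out[n] = '\0'; continue; }
        if (*++p == '\0') break;
        if (*p == 't' && support_t && p[1] == 'd') { want = K_PTRDIFF; p++; }
        else if (*p == 'd') want = K_INT;
        else if (*p == 's') want = K_STR;
        else { out[n++] = *p; out[n] = '\0'; continue; } /* unknown: literal */
        if (used >= nargs || args[used].kind != want) return -1;
        if (want == K_STR) n += snprintf(out + n, cap - n, "%s", args[used].str);
        else n += snprintf(out + n, cap - n, "%lld", args[used].num);
        used++;
    }
    return used;
}

/* Constructed inputs: the page's format string, and an assumed one with a
 * %s after %td to show the knock-on effect. */
static char buf[64];
static const struct arg one[] = { { K_PTRDIFF, 4, NULL } };
static const struct arg two[] = { { K_PTRDIFF, 2, NULL }, { K_STR, 0, "{: 1}" } };
static const char *page_case(int support_t)
{ mini_format(buf, sizeof buf, support_t, "bug#1100 %td", one, 1); return buf; }
static int followup_case(int support_t)
{ return mini_format(buf, sizeof buf, support_t, "col %td: %s", two, 2); }
int main(void)
{
    printf("without 't': \"%s\"\n", page_case(0));
    printf("with 't':    \"%s\"\n", page_case(1));
    printf("followup without 't': %d\n", followup_case(0));
    printf("followup with 't':    %d (\"%s\")\n", followup_case(1), buf);
    return 0;
}
```

Without 't' support the formatter emits "td" literally and consumes no argument, so the following `%s` is paired with the pointer-difference value; in real variadic code that integer would be treated as a string pointer.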

Actions #2

Updated by matz (Yukihiro Matsumoto) about 12 years ago

  • Status changed from Open to Closed
  • % Done changed from 0 to 100

=begin
Applied in changeset r22024.
=end
