Bug #12030

Crash calling Hash#dig when hash contains ActiveRecord objects

Added by sbleon (Leon Miller-Out) over 4 years ago. Updated over 4 years ago.

Target version:
ruby -v:
ruby 2.3.0p0 (2015-12-25 revision 53290) [x86_64-darwin15]


This code results in a stack consistency error:

  require 'bundler/inline'
rescue LoadError => e
  $stderr.puts 'Bundler version 1.10 or later is required. Please update your Bundler'
  raise e

gemfile(true) do
  ruby '2.3.0'
  source ''
  gem 'activerecord', '4.2.5'

require 'active_record'

{ foo: ActiveRecord::Base }.dig(:foo, :bar)


crash.rb:5: [BUG] Stack consistency error (sp: 3, bp: 4)
ruby 2.3.0p0 (2015-12-25 revision 53290) [x86_64-darwin13]


-- Control frame information -----------------------------------------------
c:0002 p:0050 s:0003 E:001a80 EVAL   crash.rb:5 [FINISH]
c:0001 p:0000 s:0002 E:000cd0 (none) [FINISH]

-- Ruby level backtrace information ----------------------------------------
crash.rb:5:in `<main>'

-- C level backtrace information -------------------------------------------
0   ruby                                0x000000010a3aa1e4 rb_vm_bugreport + 388
1   ruby                                0x000000010a248aa5 rb_bug + 485
2   ruby                                0x000000010a38abc3 vm_exec_core + 13315
3   ruby                                0x000000010a39b1f9 vm_exec + 121
4   ruby                                0x000000010a251ef4 ruby_exec_internal + 148
5   ruby                                0x000000010a251e1e ruby_run_node + 78
6   ruby                                0x000000010a20820f main + 79

Expected output

crash.rb:5:in `dig': #<Class:ActiveRecord::Base> does not have #dig method (TypeError)


In addition to crashing when trying to dig into ActiveRecord::Base, it will crash trying to dig into a child class of ActiveRecord::Base, or into an instance of a child class of ActiveRecord::Base. Putting AR objects into hashes is probably a common practice in Rails apps, and users will dig too far into those hashes by accident (as I did!)

More realistic production code could look more like:

class User < ActiveRecord::Base; end
{ foo: User.first }.dig(:foo, :bar)

This bug has also been reproduced on: ruby 2.3.0p0 (2015-12-25 revision 53290) [x86_64-linux-gnu]

Updated by akhramov (Artem Khramov) over 4 years ago

Hi, I was able to reproduce it on a bit minified example. Here it is:

class Foo
  def self.respond_to?(*args)

{ foo: Foo }.dig(:foo, :foo)

Updated by nobu (Nobuyoshi Nakada) over 4 years ago

  • Status changed from Open to Closed

Applied in changeset r53695.

vm_eval.c: fix hook call

  • vm_eval.c (rb_check_funcall_with_hook): also should call the given hook before returning Qundef when overridden respond_to? method returned false. [ruby-core:73556] [Bug #12030]

Updated by nagachika (Tomoyuki Chikanaga) over 4 years ago

  • Backport changed from 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN, 2.3: UNKNOWN to 2.0.0: REQUIRED, 2.1: REQUIRED, 2.2: REQUIRED, 2.3: REQUIRED

r53695 should be backported into ruby_2_3 branch.
rb_check_funcall_with_hook() exists in ruby_2_0_0, ruby_2_1, ruby_2_2 branches and they have same potential bug, but rb_check_funcall_with_hook() is never called in these branches.
I fill REQUIRED for all stable branches even though only 2.3 branch has real issue fixed by the change.

Updated by naruse (Yui NARUSE) over 4 years ago

  • Backport changed from 2.0.0: REQUIRED, 2.1: REQUIRED, 2.2: REQUIRED, 2.3: REQUIRED to 2.0.0: REQUIRED, 2.1: REQUIRED, 2.2: REQUIRED, 2.3: DONE

ruby_2_3 r54402 merged revision(s) 53695.

Also available in: Atom PDF