Bug #121

SEGV by File.foreach("keywords")

Added by Nobuyoshi Nakada about 7 years ago. Updated over 4 years ago.

[ruby-dev:35006]
Status: Closed
Priority: Normal
Assignee: -
ruby -v: Backport:

Description

=begin
This is Nakada.

At Sun, 8 Jun 2008 00:27:53 +0900,
Tanaka Akira wrote in :

Doing the following causes a SEGV.

% ./ruby -ve '
e = File.foreach("keywords")
loop {
p e.next
}
'

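I could not reproduce it locally, and then found that I had already fixed it here. In other words, this is a variation of the tests, several of which are already in test_knownbugs.rb, where an Enumerator created in C accesses svar.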

Index: vm.c
===================================================================
--- vm.c (revision 17037)
+++ vm.c (working copy)
@@ -99,11 +99,12 @@ rb_control_frame_t *
vm_get_ruby_level_cfp(rb_thread_t *th, rb_control_frame_t *cfp)
{
- while (!RUBY_VM_CONTROL_FRAME_STACK_OVERFLOW_P(th, cfp)) {
- if (RUBY_VM_NORMAL_ISEQ_P(cfp->iseq)) {
- return cfp;
- }
+ if (RUBY_VM_CONTROL_FRAME_STACK_OVERFLOW_P(th, cfp)) return 0;
+ while (!RUBY_VM_NORMAL_ISEQ_P(cfp->iseq)) {
cfp = RUBY_VM_PREVIOUS_CONTROL_FRAME(cfp);
+ if (RUBY_VM_CONTROL_FRAME_STACK_OVERFLOW_P(th, cfp)) {
+ return RUBY_VM_NEXT_CONTROL_FRAME(cfp);
+ }
}
- return 0;
+ return cfp;
}

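Review bot: the two overflow exits in vm_get_ruby_level_cfp now disagree: an overflow on entry returns 0, but an overflow reached inside the while loop returns RUBY_VM_NEXT_CONTROL_FRAME(cfp), a frame that by the loop condition failed RUBY_VM_NORMAL_ISEQ_P. Callers that treated a non-zero result as a Ruby-level frame will now receive a non-Ruby one. Either keep returning 0 there, or add a comment on the function stating that the last valid frame is returned when no Ruby-level frame exists, and check the callers against that.
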
@@ -527,4 +528,7 @@ vm_cfp_svar_get(rb_thread_t *th, rb_cont
while (cfp->pc == 0) {
cfp++;
+ if (RUBY_VM_CONTROL_FRAME_STACK_OVERFLOW_P(th, cfp)) {
+ return lfp_svar_get(th, 0, key);
+ }
}
return lfp_svar_get(th, cfp->lfp, key);
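Review bot: in vm_cfp_svar_get the overflow check runs only after cfp++, so the first cfp->pc read in the while condition is still unchecked, whereas vm_get_ruby_level_cfp in the same patch tests RUBY_VM_CONTROL_FRAME_STACK_OVERFLOW_P(th, cfp) before touching the frame. If a caller can pass a cfp that is already at the end of the stack, add the same entry check; otherwise a short comment saying the initial cfp is always valid would make the asymmetry intentional.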
@@ -536,4 +540,8 @@ vm_cfp_svar_set(rb_thread_t *th, rb_cont
while (cfp->pc == 0) {
cfp++;
+ if (RUBY_VM_CONTROL_FRAME_STACK_OVERFLOW_P(th, cfp)) {
+ lfp_svar_set(th, 0, key, val);
+ return;
+ }
}
lfp_svar_set(th, cfp->lfp, key, val);
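Review bot: the loop added to vm_cfp_svar_set is a line-for-line copy of the one in vm_cfp_svar_get (walk with cfp++, test overflow, fall back to an lfp of 0). Consider a small static helper that returns the lfp to use, or 0 on overflow, so the bounds check lives in one place; it could also step with the control-frame macros rather than a raw cfp++, as vm_get_ruby_level_cfp does.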
Index: vm_insnhelper.c
===================================================================
--- vm_insnhelper.c (revision 17037)
+++ vm_insnhelper.c (working copy)
@@ -843,21 +843,16 @@ static inline NODE *
lfp_svar_place(rb_thread_t *th, VALUE *lfp)
{
- NODE *svar;
+ VALUE *svar;

  • if (th->local_lfp != lfp) {
  • svar = (NODE *)lfp[-1];
  • if ((VALUE)svar == Qnil) {
  • svar = NEW_IF(Qnil, Qnil, Qnil);
  • lfp[-1] = (VALUE)svar;
  • }
  • if (lfp && th->local_lfp != lfp) {
  • svar = &lfp[-1]; } else {
  • svar = (NODE *)th->local_svar;
  • if ((VALUE)svar == Qnil) {
  • svar = NEW_IF(Qnil, Qnil, Qnil);
  • th->local_svar = (VALUE)svar;
  • }
  • svar = &th->local_svar;
  • }
  • if (NIL_P(*svar)) {
  • *svar = (VALUE)NEW_IF(Qnil, Qnil, Qnil); }
  • return svar;
  • return (NODE *)*svar; }
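Review bot: the new guard lfp && th->local_lfp != lfp in lfp_svar_place sends a null lfp to &th->local_svar, which is what makes the lfp_svar_get(th, 0, key) and lfp_svar_set(th, 0, key, val) fallbacks in vm.c safe, but nothing here says so. A one-line comment that lfp may be 0 when no frame with a pc was found would document the contract. The patch also touches only vm.c and vm_insnhelper.c; the File.foreach reproducer from the report would make a natural regression test next to the existing ones mentioned for test_knownbugs.rb.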

--
--- There are no bugs ahead of me.
--- Bugs are made behind me.
中田 伸悦
=end


Related issues

Duplicates Ruby trunk - Bug #109: SEGV by File.foreach("keywords") Closed

Associated revisions

Revision 15141
Added by Sean Russell over 7 years ago

r1479@bean: ser | 2008-01-19 14:26:31 -0500

r1483@bean: ser | 2008-01-19 14:47:23 -0500
Sam's fixes:
* Don't blow up on empty documents
* Add a test case for sorted attributes
* Making the output predictable simplifies unit tests, and doesn't cost
much given that most XML elements have few attributes
* Ruby 1.9 revision 14922 is more strict
* Complete Ticket #134
* Fix for ticket #121
* Fix for ticket #124
* Fix for ticket #128
* Fix ticket #133
* Ticket #131 (Support Ruby 1.9)
* Fix for ticket #127
* Fix for ticket #123
* Add missing data needed by test case

r1481@bean (orig r1303): ser | 2008-01-19 17:22:32 -0500
Tagged for release
r1482@bean (orig r1304): ser | 2008-01-19 17:27:10 -0500
Version bump

History

#1 Updated by Nobuyoshi Nakada about 7 years ago

  • Status changed from Open to Closed
  • % Done changed from 0 to 100
