Bug #12651
SEGV in ripper: ripper/sexp.rb:33: [BUG] Segmentation fault at 0x00000000000014
Status: Closed
Assignee: -
Target version: -
ruby -v: ruby 2.4.0dev (2016-08-02 trunk 55799) [x86_64-linux]
Description
I encountered a SEGV in ripper.
OS: Ubuntu 16.04.01 LTS (xenial)
How to reproduce:
$ rbenv version
2.4.0-dev (set by RBENV_VERSION environment variable)
$ ruby -rripper -e 'Ripper.sexp(File.read("ripper_segv.html.erb"))'
/usr/local/anyenv/envs/rbenv/versions/2.4.0-dev/lib/ruby/2.4.0/ripper/sexp.rb:33: [BUG] Segmentation fault at 0x00000000000014
ruby 2.4.0dev (2016-08-02 trunk 55799) [x86_64-linux]
(see attached dump)
I know ripper cannot parse ERb files.
In Ruby 2.3, Ripper.sexp(erb_content) returns nil, but prints the following warnings.
$ ruby -v
ruby 2.3.1p112 (2016-04-26 revision 54768) [x86_64-linux]
$ ruby -rripper -e 'p Ripper.sexp(File.read("ripper_segv.html.erb"))'
-:11: regexp encoding option 'e' differs from source encoding 'UTF-8'
nil
Updated by shyouhei (Shyouhei Urabe) almost 9 years ago
I can reproduce this.
(lldb) run
Process 47463 launched: './ruby' (x86_64)
Process 47463 stopped
* thread #1: tid = 0xeafca, 0x000000010015ea3f ruby`str_buf_cat(str=8, ptr="-", len=1) + 31 at string.c:2600, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x14)
frame #0: 0x000000010015ea3f ruby`str_buf_cat(str=8, ptr="-", len=1) + 31 at string.c:2600
2597 else {
2598 capa = total;
2599 }
-> 2600 RESIZE_CAPA_TERM(str, capa, termlen);
2601 sptr = RSTRING_PTR(str);
2602 }
2603 if (off != -1) {
(lldb) bt
* thread #1: tid = 0xeafca, 0x000000010015ea3f ruby`str_buf_cat(str=8, ptr="-", len=1) + 31 at string.c:2600, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x14)
* frame #0: 0x000000010015ea3f ruby`str_buf_cat(str=8, ptr="-", len=1) + 31 at string.c:2600
frame #1: 0x0000000100068709 ruby`rb_syntax_error_append [inlined] err_vcatf + 16 at error.c:87
frame #2: 0x00000001000686f9 ruby`rb_syntax_error_append(exc=304942678023, file=<unavailable>, line=11, column=<unavailable>, enc=<unavailable>, fmt=<unavailable>, args=<unavailable>) + 281 at error.c:118
frame #3: 0x00000001000e7646 ruby`parser_compile_error(parser=0x000000010175dd00, fmt=<unavailable>) + 214 at parse.y:11081
frame #4: 0x00000001000f3cf6 ruby`reg_fragment_setenc_gen(parser=0x000000010175dd00, str=4321355880, options=<unavailable>) + 246 at parse.y:10574
frame #5: 0x00000001000e9220 ruby`rb_parser_reg_compile [inlined] parser_reg_compile(parser=0x000000010175dd00, str=4321355880, options=25872) + 14 at parse.y:10642
frame #6: 0x00000001000e9212 ruby`rb_parser_reg_compile(parser=0x000000010175dd00, str=4321355880, options=25872, errmsg=0x00007fff5fbfdb98) + 34 at parse.y:10672
frame #7: 0x000000010103fbdc ripper.bundle`ripper_yyparse(parser=<unavailable>) + 40140 at ripper.y:4055
frame #8: 0x000000010105a11e ripper.bundle`ripper_parse0(parser_v=<unavailable>) + 286 at ripper.y:11398
frame #9: 0x00000001000732a6 ruby`rb_ensure(b_proc=(ripper.bundle`ripper_parse0 at ripper.y:11393), data1=4321422440, e_proc=<unavailable>, data2=<unavailable>) + 166 at eval.c:899
frame #10: 0x000000010104dd95 ripper.bundle`ripper_parse(self=4321422440) + 85 at ripper.y:11434
frame #11: 0x00000001001c0584 ruby`vm_call_cfunc [inlined] vm_call_cfunc_with_frame + 175 at vm_insnhelper.c:1729
frame #12: 0x00000001001c04d5 ruby`vm_call_cfunc(th=<unavailable>, reg_cfp=<unavailable>, calling=<unavailable>, ci=<unavailable>, cc=<unavailable>) + 69 at vm_insnhelper.c:1824
frame #13: 0x00000001001a9985 ruby`vm_exec_core(th=<unavailable>, initial=<unavailable>) + 12485 at insns.def:1064
frame #14: 0x00000001001babcd ruby`vm_exec(th=<unavailable>) + 125 at vm.c:1710
frame #15: 0x00000001000722e0 ruby`ruby_exec_internal(n=0x00000001018d8ae0) + 144 at eval.c:244
frame #16: 0x00000001000721f6 ruby`ruby_run_node [inlined] ruby_exec_node(n=<unavailable>) + 54 at eval.c:308
frame #17: 0x00000001000721e8 ruby`ruby_run_node(n=<unavailable>) + 40 at eval.c:300
frame #18: 0x0000000100001873 ruby`main(argc=<unavailable>, argv=<unavailable>) + 99 at main.c:36
frame #19: 0x00007fff8dff75ad libdyld.dylib`start + 1
(lldb)
Updated by nobu (Nobuyoshi Nakada) almost 9 years ago
- Status changed from Open to Closed
Applied in changeset r55810.
parse.y: reg_fragment_enc_error
- parse.y (reg_fragment_enc_error): compile_error is different
between parser and ripper. [ruby-core:76397] [Bug #12651]
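
A regression check for the failure mode in this thread, added here as an example (not code from the report, the comments, or the Ruby repository): it parses input in a child interpreter, so a parser SEGV shows up as a signalled exit instead of taking down the caller. `ripper_probe` is a hypothetical helper and `SAMPLE` is constructed input assumed to reach the same regexp-encoding error; the reporter's `ripper_segv.html.erb` is not on this page.

```ruby
require "open3"
require "rbconfig"

# Constructed input (not the reporter's attachment): a UTF-8 source whose
# regexp literal holds non-ASCII text and carries the EUC-JP 'e' option,
# the combination behind "regexp encoding option 'e' differs from source
# encoding 'UTF-8'".
SAMPLE = "# coding: utf-8\nx = /\u3042/e\n"

# Child script: parse stdin with Ripper and report whether a tree came back.
CHILD = <<~'RUBY'
  require "ripper"
  src = $stdin.read.force_encoding(Encoding::UTF_8)
  print(Ripper.sexp(src).nil? ? "nil" : "sexp")
RUBY

# ripper_probe is a hypothetical helper name. It parses +src+ in a separate
# interpreter so that a parser crash ends only the child process.
def ripper_probe(src)
  out, err, status = Open3.capture3(RbConfig.ruby, "-e", CHILD,
                                    stdin_data: src, binmode: true)
  {
    # A Ruby [BUG] report ends in abort(), so the child dies by signal.
    crashed: status.signaled? || err.include?("[BUG]"),
    signal:  status.termsig,
    result:  out,
  }
end

if $PROGRAM_NAME == __FILE__
  p ripper_probe(SAMPLE)        # regexp fragment with mismatched encoding
  p ripper_probe("x = /a/\n")   # well-formed control input
end
```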