Project

General

Profile

Actions

Bug #12974

closed

Marshal.dump dumps core.

Added by shyouhei (Shyouhei Urabe) over 5 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
-
ruby -v:
ruby 2.4.0dev (2016-11-24 trunk 56892) [x86_64-darwin15]
[ruby-core:78289]

Description

Hash.include Module.new {
  def marshal_dump
    dup
  end

  def marshal_load this
    initialize_copy this
  end
}

p Marshal.load(Marshal.dump(foo:"bar"))

This script dumps core.

Updated by shyouhei (Shyouhei Urabe) over 5 years ago

zsh % lldb -- ./miniruby -v tmp.rb
(lldb) target create "./miniruby"
Current executable set to './miniruby' (x86_64).
(lldb) settings set -- target.run-args  "-v" "tmp.rb"
(lldb) run
Process 91881 launched: './miniruby' (x86_64)
ruby 2.4.0dev (2016-11-24 trunk 56892) [x86_64-darwin15]
Process 91881 stopped
* thread #1: tid = 0x7f24b, 0x00000001001870e1 miniruby`st_foreach_check(tab=0x0000000100506590, func=(miniruby`hash_foreach_iter at hash.c:376), arg=140734791418320, never=<unavailable>) + 129 at st.c:1475, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=2, address=0x7fff5f3ffff8)
    frame #0: 0x00000001001870e1 miniruby`st_foreach_check(tab=0x0000000100506590, func=(miniruby`hash_foreach_iter at hash.c:376), arg=140734791418320, never=<unavailable>) + 129 at st.c:1475
   1472         key = curr_entry_ptr->key;
   1473         rebuilds_num = tab->rebuilds_num;
   1474         hash = curr_entry_ptr->hash;
-> 1475         retval = (*func)(key, curr_entry_ptr->record, arg, 0);
   1476         if (rebuilds_num != tab->rebuilds_num) {
   1477             entries = tab->entries;
   1478             packed_p = tab->bins == NULL;
(lldb) bt 64
* thread #1: tid = 0x7f24b, 0x00000001001870e1 miniruby`st_foreach_check(tab=0x0000000100506590, func=(miniruby`hash_foreach_iter at hash.c:376), arg=140734791418320, never=<unavailable>) + 129 at st.c:1475, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=2, address=0x7fff5f3ffff8)
  * frame #0: 0x00000001001870e1 miniruby`st_foreach_check(tab=0x0000000100506590, func=(miniruby`hash_foreach_iter at hash.c:376), arg=140734791418320, never=<unavailable>) + 129 at st.c:1475
    frame #1: 0x00000001000a4b9f miniruby`hash_foreach_call(arg=<unavailable>) + 31 at hash.c:417
    frame #2: 0x0000000100086d8d miniruby`rb_ensure(b_proc=(miniruby`hash_foreach_call at hash.c:415), data1=140734791418320, e_proc=<unavailable>, data2=<unavailable>) + 189 at eval.c:923
    frame #3: 0x00000001000a8748 miniruby`rb_hash_rehash(hash=4305331960) + 184 at hash.c:434
    frame #4: 0x00000001000a88a8 miniruby`rb_hash_initialize_copy(hash=4305331960, hash2=<unavailable>) + 280 at hash.c:1643
    frame #5: 0x00000001001ffbc3 miniruby`vm_call0_body + 156 at vm_eval.c:131
    frame #6: 0x00000001001ffb27 miniruby`vm_call0_body [inlined] vm_call0_cfunc(argv=0x00007fff5f4003a0, cc=<unavailable>, ci=<unavailable>, calling=<unavailable>, th=0x0000000100600460)
    frame #7: 0x00000001001ffb27 miniruby`vm_call0_body(th=0x0000000100600460, calling=<unavailable>, ci=<unavailable>, cc=<unavailable>, argv=0x00007fff5f4003a0) + 519
    frame #8: 0x00000001002003bd miniruby`rb_call0 + 189 at vm_eval.c:61
    frame #9: 0x0000000100200387 miniruby`rb_call0(recv=4305331960, mid=3121, argc=1, argv=0x00007fff5f4003a0, scope=CALL_FCALL, self=<unavailable>) + 135
    frame #10: 0x0000000100200ab4 miniruby`rb_funcall + 260 at vm_eval.c:628
    frame #11: 0x0000000100200a8c miniruby`rb_funcall(recv=4305331960, mid=<unavailable>, n=<unavailable>) + 220
    frame #12: 0x00000001000effe8 miniruby`rb_obj_init_dup_clone(obj=4305331960, orig=<unavailable>) + 24 at object.c:469
    frame #13: 0x00000001001ffbc3 miniruby`vm_call0_body + 156 at vm_eval.c:131
    frame #14: 0x00000001001ffb27 miniruby`vm_call0_body [inlined] vm_call0_cfunc(argv=0x00007fff5f4005e0, cc=<unavailable>, ci=<unavailable>, calling=<unavailable>, th=0x0000000100600460)
    frame #15: 0x00000001001ffb27 miniruby`vm_call0_body(th=0x0000000100600460, calling=<unavailable>, ci=<unavailable>, cc=<unavailable>, argv=0x00007fff5f4005e0) + 519
    frame #16: 0x00000001002003bd miniruby`rb_call0 + 189 at vm_eval.c:61
    frame #17: 0x0000000100200387 miniruby`rb_call0(recv=4305331960, mid=3153, argc=1, argv=0x00007fff5f4005e0, scope=CALL_FCALL, self=<unavailable>) + 135
    frame #18: 0x0000000100200ab4 miniruby`rb_funcall + 260 at vm_eval.c:628
    frame #19: 0x0000000100200a8c miniruby`rb_funcall(recv=4305331960, mid=<unavailable>, n=<unavailable>) + 220
    frame #20: 0x00000001000f3ef3 miniruby`rb_obj_dup(obj=4305332320) + 99 at object.c:430
    frame #21: 0x00000001001f07bf miniruby`vm_call_cfunc + 190 at vm_insnhelper.c:1752
    frame #22: 0x00000001001f0701 miniruby`vm_call_cfunc(th=0x0000000100600460, reg_cfp=0x00000001007fff40, calling=<unavailable>, ci=0x000000010064d810, cc=<unavailable>) + 49
    frame #23: 0x00000001001f7819 miniruby`vm_exec_core(th=0x0000000100600460, initial=<unavailable>) + 5977 at insns.def:1066
    frame #24: 0x00000001001fce5a miniruby`vm_exec(th=0x0000000100600460) + 138 at vm.c:1712
    frame #25: 0x00000001001ffb07 miniruby`vm_call0_body(th=0x0000000100600460, calling=0x00007fff5f400e10, ci=0x00007fff5f400e00, cc=<unavailable>, argv=0x0000000000000000) + 487 at vm_eval.c:176
    frame #26: 0x00000001002003bd miniruby`rb_call0 + 189 at vm_eval.c:61
    frame #27: 0x0000000100200387 miniruby`rb_call0(recv=4305332320, mid=14865, argc=0, argv=0x0000000000000000, scope=CALL_FCALL, self=<unavailable>) + 135
    frame #28: 0x00000001000d36ee miniruby`w_object(obj=<unavailable>, arg=0x000000010064d7b0, limit=-37384) + 270 at marshal.c:716
    frame #29: 0x00000001000d371f miniruby`w_object(obj=<unavailable>, arg=0x000000010064d7b0, limit=-37383) + 319 at marshal.c:718
    frame #30: 0x00000001000d371f miniruby`w_object(obj=<unavailable>, arg=0x000000010064d7b0, limit=-37382) + 319 at marshal.c:718
    frame #31: 0x00000001000d371f miniruby`w_object(obj=<unavailable>, arg=0x000000010064d7b0, limit=-37381) + 319 at marshal.c:718
    frame #32: 0x00000001000d371f miniruby`w_object(obj=<unavailable>, arg=0x000000010064d7b0, limit=-37380) + 319 at marshal.c:718
    frame #33: 0x00000001000d371f miniruby`w_object(obj=<unavailable>, arg=0x000000010064d7b0, limit=-37379) + 319 at marshal.c:718
    frame #34: 0x00000001000d371f miniruby`w_object(obj=<unavailable>, arg=0x000000010064d7b0, limit=-37378) + 319 at marshal.c:718
    frame #35: 0x00000001000d371f miniruby`w_object(obj=<unavailable>, arg=0x000000010064d7b0, limit=-37377) + 319 at marshal.c:718
    frame #36: 0x00000001000d371f miniruby`w_object(obj=<unavailable>, arg=0x000000010064d7b0, limit=-37376) + 319 at marshal.c:718
    frame #37: 0x00000001000d371f miniruby`w_object(obj=<unavailable>, arg=0x000000010064d7b0, limit=-37375) + 319 at marshal.c:718
    frame #38: 0x00000001000d371f miniruby`w_object(obj=<unavailable>, arg=0x000000010064d7b0, limit=-37374) + 319 at marshal.c:718
    frame #39: 0x00000001000d371f miniruby`w_object(obj=<unavailable>, arg=0x000000010064d7b0, limit=-37373) + 319 at marshal.c:718
    frame #40: 0x00000001000d371f miniruby`w_object(obj=<unavailable>, arg=0x000000010064d7b0, limit=-37372) + 319 at marshal.c:718
    frame #41: 0x00000001000d371f miniruby`w_object(obj=<unavailable>, arg=0x000000010064d7b0, limit=-37371) + 319 at marshal.c:718
    frame #42: 0x00000001000d371f miniruby`w_object(obj=<unavailable>, arg=0x000000010064d7b0, limit=-37370) + 319 at marshal.c:718
    frame #43: 0x00000001000d371f miniruby`w_object(obj=<unavailable>, arg=0x000000010064d7b0, limit=-37369) + 319 at marshal.c:718
    frame #44: 0x00000001000d371f miniruby`w_object(obj=<unavailable>, arg=0x000000010064d7b0, limit=-37368) + 319 at marshal.c:718
    frame #45: 0x00000001000d371f miniruby`w_object(obj=<unavailable>, arg=0x000000010064d7b0, limit=-37367) + 319 at marshal.c:718
    frame #46: 0x00000001000d371f miniruby`w_object(obj=<unavailable>, arg=0x000000010064d7b0, limit=-37366) + 319 at marshal.c:718
    frame #47: 0x00000001000d371f miniruby`w_object(obj=<unavailable>, arg=0x000000010064d7b0, limit=-37365) + 319 at marshal.c:718
    frame #48: 0x00000001000d371f miniruby`w_object(obj=<unavailable>, arg=0x000000010064d7b0, limit=-37364) + 319 at marshal.c:718
    frame #49: 0x00000001000d371f miniruby`w_object(obj=<unavailable>, arg=0x000000010064d7b0, limit=-37363) + 319 at marshal.c:718
    frame #50: 0x00000001000d371f miniruby`w_object(obj=<unavailable>, arg=0x000000010064d7b0, limit=-37362) + 319 at marshal.c:718
    frame #51: 0x00000001000d371f miniruby`w_object(obj=<unavailable>, arg=0x000000010064d7b0, limit=-37361) + 319 at marshal.c:718
    frame #52: 0x00000001000d371f miniruby`w_object(obj=<unavailable>, arg=0x000000010064d7b0, limit=-37360) + 319 at marshal.c:718
    frame #53: 0x00000001000d371f miniruby`w_object(obj=<unavailable>, arg=0x000000010064d7b0, limit=-37359) + 319 at marshal.c:718
    frame #54: 0x00000001000d371f miniruby`w_object(obj=<unavailable>, arg=0x000000010064d7b0, limit=-37358) + 319 at marshal.c:718
    frame #55: 0x00000001000d371f miniruby`w_object(obj=<unavailable>, arg=0x000000010064d7b0, limit=-37357) + 319 at marshal.c:718
    frame #56: 0x00000001000d371f miniruby`w_object(obj=<unavailable>, arg=0x000000010064d7b0, limit=-37356) + 319 at marshal.c:718
    frame #57: 0x00000001000d371f miniruby`w_object(obj=<unavailable>, arg=0x000000010064d7b0, limit=-37355) + 319 at marshal.c:718
    frame #58: 0x00000001000d371f miniruby`w_object(obj=<unavailable>, arg=0x000000010064d7b0, limit=-37354) + 319 at marshal.c:718
    frame #59: 0x00000001000d371f miniruby`w_object(obj=<unavailable>, arg=0x000000010064d7b0, limit=-37353) + 319 at marshal.c:718
    frame #60: 0x00000001000d371f miniruby`w_object(obj=<unavailable>, arg=0x000000010064d7b0, limit=-37352) + 319 at marshal.c:718
    frame #61: 0x00000001000d371f miniruby`w_object(obj=<unavailable>, arg=0x000000010064d7b0, limit=-37351) + 319 at marshal.c:718
    frame #62: 0x00000001000d371f miniruby`w_object(obj=<unavailable>, arg=0x000000010064d7b0, limit=-37350) + 319 at marshal.c:718
    frame #63: 0x00000001000d371f miniruby`w_object(obj=<unavailable>, arg=0x000000010064d7b0, limit=-37349) + 319 at marshal.c:718
(lldb)
Actions #2

Updated by nobu (Nobuyoshi Nakada) over 5 years ago

  • Status changed from Open to Closed

Applied in changeset r56894.


marshal.c: fix infinite recursion

  • marshal.c (check_userdump_arg): marshal_dump should not return
    an instance of the same class, otherwise it causes infinite
    recursion. [ruby-core:78289] [Bug #12974]

Updated by nobu (Nobuyoshi Nakada) over 5 years ago

  • Backport changed from 2.1: UNKNOWN, 2.2: UNKNOWN, 2.3: UNKNOWN to 2.1: REQUIRED, 2.2: REQUIRED, 2.3: REQUIRED

Updated by usa (Usaku NAKAMURA) over 5 years ago

  • Backport changed from 2.1: REQUIRED, 2.2: REQUIRED, 2.3: REQUIRED to 2.1: REQUIRED, 2.2: DONE, 2.3: REQUIRED

ruby_2_2 r57211 merged revision(s) 56894.

Updated by nagachika (Tomoyuki Chikanaga) over 5 years ago

  • Backport changed from 2.1: REQUIRED, 2.2: DONE, 2.3: REQUIRED to 2.1: REQUIRED, 2.2: DONE, 2.3: DONE

ruby_2_3 r57343 merged revision(s) 56894.

Actions

Also available in: Atom PDF