Project

General

Profile

Actions

Bug #13084

closed

String cast to Rational on 2.4.0p0 results in SegFault with Mathn required

Added by burningpony (Russell Osborne) over 5 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
-
ruby -v:
ruby 2.4.0p0 (2016-12-24 revision 57164) [x86_64-darwin16]
[ruby-core:78893]

Description

See the below example, while mathn is required recasting a string into a Rational causes a SegFault. Remove mathn and the code will not crash.

require 'mathn'

# Both result in Segfault
Rational("5/5")
"5/5".to_r

segfault_test.rb:5: [BUG] Segmentation fault at 0x0000000000001b
ruby 2.4.0p0 (2016-12-24 revision 57164) [x86_64-darwin16]

-- Crash Report log information --------------------------------------------
See Crash Report log file under the one of following:
* ~/Library/Logs/CrashReporter
* /Library/Logs/CrashReporter
* ~/Library/Logs/DiagnosticReports
* /Library/Logs/DiagnosticReports
for more details.
Don't forget to include the above Crash Report log file in bug reports.

-- Control frame information -----------------------------------------------
c:0003 p:---- s:0010 e:000009 CFUNC :to_r
c:0002 p:0016 s:0006 e:000005 EVAL segfault_test.rb:5 [FINISH]
c:0001 p:0000 s:0003 E:0022d0 (none) [FINISH]

-- Ruby level backtrace information ----------------------------------------
segfault_test.rb:5:in <main>' segfault_test.rb:5:in to_r'

-- Machine register context ------------------------------------------------
rax: 0x0000000000000000 rbx: 0x000000000000000b rcx: 0xaf82f5dc522c0078
rdx: 0x00007fff5106bcc1 rdi: 0x000000000000000b rsi: 0x000000000000000b
rbp: 0x00007fff5106bd10 rsp: 0x00007fff5106bcf0 r8: 0x00007fff5106bc4c
r9: 0x000000000000000a r10: 0x0000000000000005 r11: 0x000000000000000a
r12: 0x0000000000004000 r13: 0x000000000000003f r14: 0x000000000000000b
r15: 0x00007fff5106bd98 rip: 0x000000010ec9f90a rfl: 0x0000000000010246

-- C level backtrace information -------------------------------------------
0 ruby 0x000000010ed5efe4 rb_vm_bugreport + 388
1 ruby 0x000000010ebf93da rb_bug_context + 490
2 ruby 0x000000010ecdaf48 sigsegv + 72
3 libsystem_platform.dylib 0x00007fffba3b2bba _sigtramp + 26
4 ruby 0x000000010ec9f90a nurat_div + 266
5 ruby 0x000000010ec9eb71 parse_rat + 593
6 ruby 0x000000010eca1a91 string_to_r + 145
7 ruby 0x000000010ed5246e vm_call_cfunc + 302
8 ruby 0x000000010ed3c78c vm_exec_core + 11932
9 ruby 0x000000010ed4cfc4 vm_exec + 116
10 ruby 0x000000010ec02028 ruby_exec_internal + 136
11 ruby 0x000000010ec01f46 ruby_run_node + 54
12 ruby 0x000000010eb935cf main + 79

-- Other runtime information -----------------------------------------------

  • Loaded script: segfault_test.rb

  • Loaded features:

    0 enumerator.so
    1 thread.rb
    2 rational.so
    3 complex.so
    4 /Users/rposborne/.rbenv/versions/2.4.0/lib/ruby/2.4.0/x86_64-darwin16/enc/encdb.bundle
    5 /Users/rposborne/.rbenv/versions/2.4.0/lib/ruby/2.4.0/x86_64-darwin16/enc/trans/transdb.bundle
    6 /Users/rposborne/.rbenv/versions/2.4.0/lib/ruby/2.4.0/unicode_normalize.rb
    7 /Users/rposborne/.rbenv/versions/2.4.0/lib/ruby/2.4.0/x86_64-darwin16/rbconfig.rb
    8 /Users/rposborne/.rbenv/versions/2.4.0/lib/ruby/2.4.0/rubygems/compatibility.rb
    9 /Users/rposborne/.rbenv/versions/2.4.0/lib/ruby/2.4.0/rubygems/defaults.rb
    10 /Users/rposborne/.rbenv/versions/2.4.0/lib/ruby/2.4.0/rubygems/deprecate.rb
    11 /Users/rposborne/.rbenv/versions/2.4.0/lib/ruby/2.4.0/rubygems/errors.rb
    12 /Users/rposborne/.rbenv/versions/2.4.0/lib/ruby/2.4.0/rubygems/version.rb
    13 /Users/rposborne/.rbenv/versions/2.4.0/lib/ruby/2.4.0/rubygems/requirement.rb
    14 /Users/rposborne/.rbenv/versions/2.4.0/lib/ruby/2.4.0/rubygems/platform.rb
    15 /Users/rposborne/.rbenv/versions/2.4.0/lib/ruby/2.4.0/rubygems/basic_specification.rb
    16 /Users/rposborne/.rbenv/versions/2.4.0/lib/ruby/2.4.0/rubygems/stub_specification.rb
    17 /Users/rposborne/.rbenv/versions/2.4.0/lib/ruby/2.4.0/rubygems/util/list.rb
    18 /Users/rposborne/.rbenv/versions/2.4.0/lib/ruby/2.4.0/x86_64-darwin16/stringio.bundle
    19 /Users/rposborne/.rbenv/versions/2.4.0/lib/ruby/2.4.0/rubygems/specification.rb
    20 /Users/rposborne/.rbenv/versions/2.4.0/lib/ruby/2.4.0/rubygems/exceptions.rb
    21 /Users/rposborne/.rbenv/versions/2.4.0/lib/ruby/2.4.0/rubygems/dependency.rb
    22 /Users/rposborne/.rbenv/versions/2.4.0/lib/ruby/2.4.0/rubygems/core_ext/kernel_gem.rb
    23 /Users/rposborne/.rbenv/versions/2.4.0/lib/ruby/2.4.0/monitor.rb
    24 /Users/rposborne/.rbenv/versions/2.4.0/lib/ruby/2.4.0/rubygems/core_ext/kernel_require.rb
    25 /Users/rposborne/.rbenv/versions/2.4.0/lib/ruby/2.4.0/rubygems.rb
    26 /Users/rposborne/.rbenv/versions/2.4.0/lib/ruby/2.4.0/rubygems/path_support.rb
    27 /Users/rposborne/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/did_you_mean-1.1.0/lib/did_you_mean/version.rb
    28 /Users/rposborne/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/did_you_mean-1.1.0/lib/did_you_mean/core_ext/name_error.rb
    29 /Users/rposborne/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/did_you_mean-1.1.0/lib/did_you_mean/levenshtein.rb
    30 /Users/rposborne/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/did_you_mean-1.1.0/lib/did_you_mean/jaro_winkler.rb
    31 /Users/rposborne/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/did_you_mean-1.1.0/lib/did_you_mean/spell_checker.rb
    32 /Users/rposborne/.rbenv/versions/2.4.0/lib/ruby/2.4.0/delegate.rb
    33 /Users/rposborne/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/did_you_mean-1.1.0/lib/did_you_mean/spell_checkers/name_error_checkers/class_name_checker.rb
    34 /Users/rposborne/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/did_you_mean-1.1.0/lib/did_you_mean/spell_checkers/name_error_checkers/variable_name_checker.rb
    35 /Users/rposborne/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/did_you_mean-1.1.0/lib/did_you_mean/spell_checkers/name_error_checkers.rb
    36 /Users/rposborne/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/did_you_mean-1.1.0/lib/did_you_mean/spell_checkers/method_name_checker.rb
    37 /Users/rposborne/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/did_you_mean-1.1.0/lib/did_you_mean/spell_checkers/null_checker.rb
    38 /Users/rposborne/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/did_you_mean-1.1.0/lib/did_you_mean/formatter.rb
    39 /Users/rposborne/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/did_you_mean-1.1.0/lib/did_you_mean.rb
    40 /Users/rposborne/.rbenv/versions/2.4.0/lib/ruby/2.4.0/cmath.rb
    41 /Users/rposborne/.rbenv/versions/2.4.0/lib/ruby/2.4.0/e2mmap.rb
    42 /Users/rposborne/.rbenv/versions/2.4.0/lib/ruby/2.4.0/matrix.rb
    43 /Users/rposborne/.rbenv/versions/2.4.0/lib/ruby/2.4.0/singleton.rb
    44 /Users/rposborne/.rbenv/versions/2.4.0/lib/ruby/2.4.0/forwardable/impl.rb
    45 /Users/rposborne/.rbenv/versions/2.4.0/lib/ruby/2.4.0/forwardable.rb
    46 /Users/rposborne/.rbenv/versions/2.4.0/lib/ruby/2.4.0/prime.rb
    47 /Users/rposborne/.rbenv/versions/2.4.0/lib/ruby/2.4.0/x86_64-darwin16/mathn/rational.bundle
    48 /Users/rposborne/.rbenv/versions/2.4.0/lib/ruby/2.4.0/x86_64-darwin16/mathn/complex.bundle
    49 /Users/rposborne/.rbenv/versions/2.4.0/lib/ruby/2.4.0/mathn.rb

[NOTE]
You may have encountered a bug in the Ruby interpreter or extension libraries.
Bug reports are welcome.
For details: http://www.ruby-lang.org/bugreport.html

[1] 1319 abort ruby segfault_test.rb

Updated by burningpony (Russell Osborne) over 5 years ago

Can be replicated on Linux via Docker

Below Segfaults

docker run -it ruby:slim ruby -e 'require "mathn"; p Rational("5/5");'

Below Returns Expected Result

docker run -it ruby:slim ruby -e 'p Rational("5/5");'

Updated by burningpony (Russell Osborne) over 5 years ago

  • Subject changed from String Cast to Rational on 2.4.0p0 results in SegFault with Mathn Required to String cast to Rational on 2.4.0p0 results in SegFault with Mathn required
Actions #3

Updated by nobu (Nobuyoshi Nakada) over 5 years ago

  • Status changed from Open to Closed

Applied in changeset r57232.


rational.c: fix for mathn

  • rational.c (read_num, read_rat_nos): dispatch by the type of numerator, for
    mathn. [ruby-core:78893] [Bug #13084]

Updated by naruse (Yui NARUSE) over 5 years ago

  • Backport changed from 2.2: UNKNOWN, 2.3: UNKNOWN, 2.4: UNKNOWN to 2.2: UNKNOWN, 2.3: UNKNOWN, 2.4: DONE

ruby_2_4 r57843 merged revision(s) 57232.

Actions

Also available in: Atom PDF