Project

General

Profile

Actions

Bug #14100

closed

segfault in vm_exec during compile

Added by geeknik (Brian Carpenter) about 7 years ago. Updated over 5 years ago.

Status:
Closed
Assignee:
-
Target version:
-
[ruby-core:83738]

Description

While attempting to compile Ruby e16bd0f on Ubuntu 17.04 x64 with afl-clang-fast, which is just a wrapper for clang version 6.0.0 (trunk 315613), a wild segfault appeared.

ASAN_OPTIONS=detect_leaks=0 AFL_PATH=/root/afl-2.51b CC=afl-clang-fast CFLAGS="-O0 -fno-omit-frame-pointer -g3 -fsanitize=address -fsanitize-coverage=trace-pc-guard" LD=afl-clang-fast LDFLAGS="-O0 -fno-omit-frame-pointer -g3 -fsanitize=address -fsanitize-coverage=trace-pc-guard" ./configure

configure: ruby library version = 2.5.0
configure: creating ./config.status
config.status: creating GNUmakefile
config.status: creating Makefile
config.status: creating ruby-2.5.pc
---
Configuration summary for ruby version 2.5.0

   * Installation prefix: /usr/local
   * exec prefix:         ${prefix}
   * arch:                x86_64-linux
   * site arch:           ${arch}
   * RUBY_BASE_NAME:      ruby
   * ruby lib prefix:     ${libdir}/${RUBY_BASE_NAME}
   * site libraries path: ${rubylibprefix}/${sitearch}
   * vendor path:         ${rubylibprefix}/vendor_ruby
   * target OS:           linux
   * compiler:            afl-clang-fast
   * with pthread:        yes
   * enable shared libs:  no
   * dynamic library ext: so
   * CFLAGS:              ${optflags} ${debugflags} ${warnflags}
   * LDFLAGS:             -L. -O0 -fno-omit-frame-pointer -g3 \
                          -fsanitize=address \
                          -fsanitize-coverage=trace-pc-guard \
                          -fstack-protector -rdynamic -Wl,-export-dynamic
   * optflags:            -O3
   * debugflags:          -ggdb3
   * warnflags:           -Wall -Wextra -Wno-unused-parameter \
                          -Wno-parentheses -Wno-long-long \
                          -diag-disable=2259 \
                          -Wno-missing-field-initializers \
                          -Wno-tautological-compare \
                          -Wno-parentheses-equality \
                          -Wno-constant-logical-operand -Wno-self-assign \
                          -Wunused-variable -Werror=implicit-int \
                          -Werror=pointer-arith -Werror=write-strings \
                          -Werror=declaration-after-statement \
                          -Werror=shorten-64-to-32 \
                          -Werror=implicit-function-declaration \
                          -Werror=division-by-zero \
                          -Werror=deprecated-declarations \
                          -Werror=extra-tokens
   * strip command:       strip -S -x
   * install doc:         yes
   * man page type:       doc

make clean all


*SNIP*

afl-clang-fast [tpcg] 2.51b by <lszekeres@google.com>
./revision.h unchanged
generating encdb.h
AddressSanitizer:DEADLYSIGNAL
=================================================================
==13885==ERROR: AddressSanitizer: SEGV on unknown address 0x10009b8c7812 (pc 0x563a634a0191 bp 0x7ffcdc6bc370 sp 0x7ffcdc6bc000 T0)
==13885==The signal is caused by a WRITE memory access.
    #0 0x563a634a0190 in vm_exec /root/ruby/vm.c:2022:5
    #1 0x563a63079fb1 in rb_load_internal0 /root/ruby/load.c:620:2
    #2 0x563a6307ba5b in rb_require_internal /root/ruby/load.c:1003:15
    #3 0x563a6307a304 in rb_require_safe /root/ruby/load.c:1049:18
    #4 0x563a6307a304 in rb_f_require /root/ruby/load.c:831
    #5 0x563a634b461e in vm_call_cfunc_with_frame /root/ruby/./vm_insnhelper.c:1924:11
    #6 0x563a634b461e in vm_call_cfunc /root/ruby/./vm_insnhelper.c:1940
    #7 0x563a634ad7c4 in vm_call_method /root/ruby/./vm_insnhelper.c
    #8 0x563a6345b9e9 in vm_exec_core /root/ruby/insns.def:933:5
    #9 0x563a6349dd1f in vm_exec /root/ruby/vm.c:1797:11
    #10 0x563a63079fb1 in rb_load_internal0 /root/ruby/load.c:620:2
    #11 0x563a6307ba5b in rb_require_internal /root/ruby/load.c:1003:15
    #12 0x563a6307a304 in rb_require_safe /root/ruby/load.c:1049:18
    #13 0x563a6307a304 in rb_f_require /root/ruby/load.c:831
    #14 0x563a634b461e in vm_call_cfunc_with_frame /root/ruby/./vm_insnhelper.c:1924:11
    #15 0x563a634b461e in vm_call_cfunc /root/ruby/./vm_insnhelper.c:1940
    #16 0x563a634ad7c4 in vm_call_method /root/ruby/./vm_insnhelper.c
    #17 0x563a6345b9e9 in vm_exec_core /root/ruby/insns.def:933:5
    #18 0x563a6349dd1f in vm_exec /root/ruby/vm.c:1797:11
    #19 0x563a62f69496 in ruby_exec_internal /root/ruby/eval.c:246:2
    #20 0x563a62f69496 in ruby_exec_node /root/ruby/eval.c:310
    #21 0x563a62f68f9c in ruby_run_node /root/ruby/eval.c:302:25
    #22 0x563a62d8ebb2 in main /root/ruby/./main.c:42:9
    #23 0x7fbef27d13f0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x203f0)
    #24 0x563a62cbf779 in _start (/root/ruby/miniruby+0x11f779)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /root/ruby/vm.c:2022:5 in vm_exec
==13885==ABORTING
uncommon.mk:933: recipe for target 'encdb.h' failed
make: *** [encdb.h] Error 1
Actions #1

Updated by jeremyevans0 (Jeremy Evans) over 5 years ago

  • Status changed from Open to Closed
Actions

Also available in: Atom PDF

Like0
Like0