Project

General

Profile

Bug #14660

RubyVM::InstructionSequence.load_from_binary(bin).eval may cause SEGV after r62856

Added by wanabe (_ wanabe) about 2 years ago. Updated about 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
-
[ruby-core:86437]

Description

A certain script can cause SEGV when ISeq#to_binary -> load_from_binary -> eval.

$ ./miniruby -ve 'str = "class P; def p; end; def q; end; E = \"\"; N = \"\#{E}\"; attr_reader :i; end"; iseq = RubyVM::InstructionSequence.compile(str); bin = iseq.to_binary; RubyVM::InstructionSequence.load_from_binary(bin).eval'
ruby 2.6.0dev (2018-04-02 trunk 63063) [x86_64-linux]
Segmentation fault (core dumped)

(Note above script is shortened version of "minitest/pride_plugin.rb")

git bisect shows it is since r62856, but I don't know the commit is "bad" or not.
It may make apparent a hidden bug, or increase the probability of reproduction.

Updated by nobu (Nobuyoshi Nakada) about 2 years ago

It's since r62851.

#2

Updated by nobu (Nobuyoshi Nakada) about 2 years ago

  • Status changed from Open to Closed

Applied in changeset trunk|r63075.


Reproducible test for [Feature#14370] @ [Bug #14660]

Updated by nobu (Nobuyoshi Nakada) about 2 years ago

  • Status changed from Closed to Open

It's probably a bug of IBF, and has been revealed by [Feature#14370], I guess.

#4

Updated by nobu (Nobuyoshi Nakada) about 2 years ago

  • Status changed from Open to Closed

Applied in changeset trunk|r63103.


compile.c: fix positions encode

  • compile.c (ibf_load_iseq_each): iseq_size necessary to encode positions is set in ibf_load_code(). [Bug #14660]

Also available in: Atom PDF