Project

General

Profile

Actions

Bug #14660

closed

RubyVM::InstructionSequence.load_from_binary(bin).eval may cause SEGV after r62856

Added by wanabe (_ wanabe) almost 6 years ago. Updated almost 6 years ago.

Status:
Closed
Assignee:
-
Target version:
-
[ruby-core:86437]

Description

A certain script can cause SEGV when ISeq#to_binary -> load_from_binary -> eval.

$ ./miniruby -ve 'str = "class P; def p; end; def q; end; E = \"\"; N = \"\#{E}\"; attr_reader :i; end"; iseq = RubyVM::InstructionSequence.compile(str); bin = iseq.to_binary; RubyVM::InstructionSequence.load_from_binary(bin).eval'
ruby 2.6.0dev (2018-04-02 trunk 63063) [x86_64-linux]
Segmentation fault (core dumped)

(Note above script is shortened version of "minitest/pride_plugin.rb")

git bisect shows it is since r62856, but I don't know the commit is "bad" or not.
It may make apparent a hidden bug, or increase the probability of reproduction.

Updated by nobu (Nobuyoshi Nakada) almost 6 years ago

It's since r62851.

Actions #2

Updated by nobu (Nobuyoshi Nakada) almost 6 years ago

  • Status changed from Open to Closed

Applied in changeset trunk|r63075.


Reproducible test for [Feature#14370] @ [Bug #14660]

Updated by nobu (Nobuyoshi Nakada) almost 6 years ago

  • Status changed from Closed to Open

It's probably a bug of IBF, and has been revealed by [Feature#14370], I guess.

Actions #4

Updated by nobu (Nobuyoshi Nakada) almost 6 years ago

  • Status changed from Open to Closed

Applied in changeset trunk|r63103.


compile.c: fix positions encode

  • compile.c (ibf_load_iseq_each): iseq_size necessary to encode
    positions is set in ibf_load_code(). [Bug #14660]
Actions

Also available in: Atom PDF

Like0
Like0Like0Like0Like0