Bug #15237

closed

Extreme memory/CPU utilization when calculating some exponents

Added by bannable (Joe Truba) over 5 years ago. Updated over 5 years ago.

Status:
Rejected
Assignee:
-
Target version:
-
ruby -v:
ruby 2.6.0dev (2018-10-16 trunk 65097) [x86_64-linux]
[ruby-core:<unknown>]

Description

During a recent fuzzing session, AFL identified a simple input which causes extreme memory and CPU utilization when processing certain exponentiation operations.

When running ruby against the reproducer below, ruby will consume 100% of available CPU and allocate continually larger portions of memory. I'm not actually sure if this exits or not -- so far I've let it run for up to 10 minutes and it hasn't exited. My rubies are compiled with jemalloc, so I expect that the memory allocations would be significantly larger for rubies compiled without.

Reproducer:

jtruba@dev118:~/rubies/ruby-trunk$ cat ../repro
-888888888888888i**88888888888888
jtruba@dev118:~/rubies/ruby-trunk$ xxd ../repro
00000000: 2d38 3838 3838 3838 3838 3838 3838 3838  -888888888888888
00000010: 692a 2a38 3838 3838 3838 3838 3838 3838  i**8888888888888
00000020: 380a                                     8.

Memory usage over time:

jtruba@dev118:~/rubies/ruby-trunk$ while true; do ps ef -o command,vsize,rss,%mem,size | grep "[r]epro"; sleep 5; done
 \_ ./ruby ../repro MODULE_ 188100 90504  0.1 156108
 \_ ./ruby ../repro MODULE_ 794308 488896  0.7 762316
 \_ ./ruby ../repro MODULE_ 1310404 546368  0.8 1278412
 \_ ./ruby ../repro MODULE_ 1625796 852828  1.3 1593804
 \_ ./ruby ../repro MODULE_ 2301636 1342196  2.0 2269644
 \_ ./ruby ../repro MODULE_ 2989764 1945696  3.0 2957772
 \_ ./ruby ../repro MODULE_ 2989764 1374148  2.1 2957772
# 1G rss, 1.5G vsize at 2m30s
 \_ ./ruby ../repro MODULE_ 15072964 10132860 15.7 15040972

Updated by bannable (Joe Truba) over 5 years ago

Small correction: The comment about units is off by a magnitude. It's 10 Gb rss and 15 Gb vss at 2m30s.

Updated by nobu (Nobuyoshi Nakada) over 5 years ago

  • Status changed from Open to Rejected

Note that ruby provides bignum arithmetic.

(Math.log(888888888888888, 2)*88888888888888/(8*1024**4)) => 501.8288237894379

That result will finally consume 500TiB, without counting working memory.
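The same estimate can be applied by a caller before evaluating a**b on untrusted input, so an oversized exponent is refused up front instead of growing a bignum for minutes. This is an added example, not code from this ticket or from the r65190 fix; the function names and the 64 MiB default budget are assumptions.

```ruby
# Added example: a caller-side guard that applies the size estimate from the
# comment above before evaluating a**b. Names and the default budget are
# assumptions for this example, not part of Ruby or of the fix in r65190.
TIB = 1024**4

class ExponentTooLarge < ArgumentError; end

# Rough size in bytes of base**exp for an Integer-valued base (Integer, or
# Complex/Rational with Integer parts): bits(|base|) * exp, the same arithmetic
# as the comment above. Math.log2 accepts bignums without a Float conversion.
def estimated_pow_bytes(base, exp)
  magnitude = base.abs
  return 0.0 if exp.zero? || magnitude <= 1
  Math.log2(magnitude) * exp / 8.0
end

# Evaluate base**exp only if the estimated result fits the byte budget.
# Only non-negative Integer exponents are covered: those are the ones whose
# bignum result grows linearly with the exponent.
def bounded_pow(base, exp, max_bytes: 64 * 1024 * 1024)
  unless exp.is_a?(Integer) && exp >= 0
    raise ArgumentError, "exponent must be a non-negative Integer"
  end
  est = estimated_pow_bytes(base, exp)
  if est > max_bytes
    raise ExponentTooLarge,
          format("a**b would need about %.1f TiB, budget is %d bytes", est / TIB, max_bytes)
  end
  base**exp
end

if __FILE__ == $0
  puts bounded_pow(-3i, 4)                                          # 81+0i
  puts estimated_pow_bytes(888888888888888, 88888888888888) / TIB   # about 501.8
  begin
    bounded_pow(-888888888888888i, 88888888888888)  # the reproducer from this ticket
  rescue ExponentTooLarge => e
    puts "refused: #{e.message}"
  end
end
```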

Updated by bannable (Joe Truba) over 5 years ago

This seems to have been fixed in r65190.

$ ./ruby --version
ruby 2.6.0dev (2018-10-24 trunk 65355) [x86_64-linux]
$ ./ruby -e '-888888888888888i**88888888888888'
-e:1: warning: in a**b, b may be too big
$