https://bugs.ruby-lang.org/
2018-10-24T00:03:44Z
Ruby Issue Tracking System
Ruby master - Bug #15248: Segfault/memory corruption in vm.c:1946
https://bugs.ruby-lang.org/issues/15248?journal_id=74592
2018-10-24T00:03:44Z
wanabe (_ wanabe)
s.wanabe@gmail.com
<p>I guess this is the same as <a class="issue tracker-1 status-5 priority-4 priority-default closed" title="Bug: Heap buffer overflow (write of size 8) in vm.inc (Closed)" href="https://bugs.ruby-lang.org/issues/15245">#15245</a>.</p>
<pre><code>$ echo -n "2557 0024 7f54 0020 7c7c 6e54 5a20 7768 696c 6523 4054 456d 6520 7e6f 5b0a 0a0a 0a0a 0a0a 0a69 3d31"|xxd -r -p|ruby --dump=insns
-:9: warning: found `= literal' in conditional, should be ==
== disasm: #<ISeq:<main>@-:1 (1,0)-(9,3)> (catch: FALSE)
== catch table
| catch type: break st: 0006 ed: 0015 sp: 0000 cont: 0015
| catch type: next st: 0006 ed: 0015 sp: 0000 cont: 0003
| catch type: redo st: 0006 ed: 0015 sp: 0000 cont: 0006
|------------------------------------------------------------------------
local table (size: 1, argc: 0 [opts: 0, rest: -1, post: 0, block: -1, kw: -1@-1, kwrest: -1])
[ 1] i@0
0000 jump 8 ( 1)[Li]
0002 putnil
0003 pop
0004 jump 8
0006 putstring "$\u007FT"
0008 putobject_INT2FIX_1_ ( 9)
0009 dup
0010 setlocal_WC_0 i@0
0012 branchif 6
0014 putnil ( 1)
0015 leave
</code></pre>
Ruby master - Bug #15248: Segfault/memory corruption in vm.c:1946
https://bugs.ruby-lang.org/issues/15248?journal_id=74594
2018-10-24T09:54:49Z
nobu (Nobuyoshi Nakada)
nobu@ruby-lang.org
<ul><li><strong>Is duplicate of</strong> <i><a class="issue tracker-1 status-5 priority-4 priority-default closed" href="/issues/15245">Bug #15245</a>: Heap buffer overflow (write of size 8) in vm.inc</i> added</li></ul>
Ruby master - Bug #15248: Segfault/memory corruption in vm.c:1946
https://bugs.ruby-lang.org/issues/15248?journal_id=74596
2018-10-24T10:38:45Z
nobu (Nobuyoshi Nakada)
nobu@ruby-lang.org
<ul><li><strong>Status</strong> changed from <i>Open</i> to <i>Closed</i></li></ul><p>Applied in changeset trunk|r65350.</p>
<hr>
<p>compile.c: fix peephole optimization</p>
<ul>
<li>compile.c (iseq_peephole_optimize): should <code>pop</code> before jump<br>
instruction which succeeds to <code>newarray</code> of a literal object,<br>
not after. <a href="/issues/15245">[ruby-core:89536]</a> [Bug <a class="issue tracker-1 status-5 priority-4 priority-default closed" title="Bug: Heap buffer overflow (write of size 8) in vm.inc (Closed)" href="https://bugs.ruby-lang.org/issues/15245">#15245</a>]</li>
</ul>