
Bug #15406

Loaded iseq may cause SEGV on GC

Added by wanabe (_ wanabe) 2 months ago. Updated 2 months ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
-
ruby -v:
ruby 2.6.0dev (2018-12-13 trunk 66370) [x86_64-linux]
[ruby-core:90456]

Description

Attached test.rb causes SEGV on trunk r66370.
test.log is stderr log.

I don't know what [0, 13, 0] means, but I guess it is environment dependent.
./miniruby test.rb 4 17 0 also causes SEGV on my environment, but ./miniruby test.rb 4 16 0 doesn't.

Note:
I found the issue during the investigation of #15395, but I don't know whether it is related or not.


Files

test.rb (282 Bytes), wanabe (_ wanabe), 12/12/2018 08:43 PM
test.log (10.5 KB), wanabe (_ wanabe), 12/12/2018 08:46 PM

Associated revisions

Revision 589042c0
Added by tenderlove 2 months ago

Don't increment code_index

code_index doesn't need to be incremented since the mark array has
been removed. Thanks for the patch ko1!

[ruby-core:90456] [Bug #15406]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@66376 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

History

Updated by ko1 (Koichi Sasada) 2 months ago

This patch will fix it.
Aaron, could you confirm it?

Index: compile.c
===================================================================
--- compile.c   (revision 66375)
+++ compile.c   (working copy)
@@ -8786,7 +8786,6 @@ ibf_load_code(const struct ibf_load *loa
        /* code[code_index] = op; */
        continue;
        }
-       load_body->iseq_size = code_index + 1;
    }
    if (insn_len(insn) != op_index+1) {
        rb_raise(rb_eRuntimeError, "operand size mismatch");
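Review bot: removing `load_body->iseq_size = code_index + 1;` takes away the only assignment to iseq_size visible in this hunk, so the change relies on iseq_size already holding the correct instruction count before the loop in ibf_load_code runs (for example, from the serialized body header); confirm that assignment exists in the surrounding code, because a wrong iseq_size is exactly the kind of stale length that would let GC walk past the loaded code, which matches the SEGV-on-GC symptom in this report. The commented-out `/* code[code_index] = op; */` line above the `continue;` is leftover code_index bookkeeping of the same kind and could be dropped in the same patch.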

#2

Updated by tenderlovemaking (Aaron Patterson) 2 months ago

  • Status changed from Open to Closed

Applied in changeset trunk|r66376.

Updated by tenderlovemaking (Aaron Patterson) 2 months ago

ko1 (Koichi Sasada) wrote:

This patch will fix it.
Aaron, could you confirm it?

I bisected this and r62851 introduced the issue. The patch makes sense, so I applied it in r66376. Thanks ko1!
