Bug #20234

Segfault parsing begin statement inside method definition receiver

Added by tompng (tomoya ishida) 3 months ago. Updated 2 months ago.

Status:
Closed
Assignee:
-
Target version:
-
ruby -v:
ruby 3.4.0dev (2024-02-02T05:26:20Z master ccffc6ee09) [x86_64-linux]
[ruby-core:116559]

Description

Segmentation fault when parsing this code in Ruby 3.3.0 and 3.4.0dev

# Segmentation fault
ruby -ce "def (begin;end).foo; end"
ruby -ce "def (begin;else;end).foo; end"
ruby -ce "def (begin;ensure;else;end).foo; end"
ruby -e "RubyVM::AbstractSyntaxTree.parse('def (begin;end).foo; end')"

# Ripper is OK
ruby -rripper -e "p Ripper.sexp('def (begin;end).foo; end')"

# Syntax OK
ruby -ce "def (begin;rescue;end).foo; end"
ruby -ce "def (begin;ensure;end).foo; end"
ruby -ce "def (begin;rescue;else;end).foo; end"

# ruby -ce "def (begin;end).foo; end"
ruby: [BUG] Segmentation fault at 0x0000000000000000
ruby 3.4.0dev (2024-02-02T05:26:20Z master ccffc6ee09) [x86_64-linux]

-- Control frame information -----------------------------------------------
c:0001 p:0000 s:0003 E:001940 DUMMY  [FINISH]


-- Threading information ---------------------------------------------------
Total ractor count: 1
Ruby thread count for this ractor: 1

-- Machine register context ------------------------------------------------
 RIP: 0x000000400189b2d8 RBP: 0xfffffffffffffffd RSP: 0x0000004001802d80
 RAX: 0x0000000000000012 RBX: 0x0000004001803098 RCX: 0x0000004001cb6bb4
 RDX: 0x0000000000000000 RDI: 0x0000004001802ef0 RSI: 0x00000040000ba888
  R8: 0x0000000000000029  R9: 0x0000004001802ea0 R10: 0x0000004002192ef0
 R11: 0x00000000000003b9 R12: 0x00000040000bacbe R13: 0x00000040018030b0
 R14: 0x0000004001803720 R15: 0x00000040000ba340 EFL: 0x0000000000000246

-- C level backtrace information -------------------------------------------
/opt/ruby/lib/libruby.so.3.4(rb_print_backtrace+0x14) [0x4001b6fee1] /ruby/vm_dump.c:820
/opt/ruby/lib/libruby.so.3.4(rb_vm_bugreport) /ruby/vm_dump.c:1151
/opt/ruby/lib/libruby.so.3.4(rb_bug_for_fatal_signal+0x104) [0x4001962b44] /ruby/error.c:1065
/opt/ruby/lib/libruby.so.3.4(sigsegv+0x4d) [0x4001abb4cd] /ruby/signal.c:926
/lib/x86_64-linux-gnu/libc.so.6(0x400205c520) [0x400205c520]
/opt/ruby/lib/libruby.so.3.4(ruby_yyparse+0x32) [0x400189b2d8] ./include/ruby/internal/arithmetic/long.h:144
/opt/ruby/lib/libruby.so.3.4(yycompile0+0xf5) [0x4001a49025] /ruby/parse.y:7738
/opt/ruby/lib/libruby.so.3.4(rb_suppress_tracing+0x114) [0x4001b73654] /ruby/vm_trace.c:487
/opt/ruby/lib/libruby.so.3.4(yycompile+0x63) [0x4001a25b7b] /ruby/parse.y:7794
/opt/ruby/lib/libruby.so.3.4(parser_compile_string) /ruby/parse.y:7857
/opt/ruby/lib/libruby.so.3.4(rb_ruby_parser_compile_string_path) /ruby/parse.y:7864
/opt/ruby/lib/libruby.so.3.4(rb_ruby_parser_compile_string) /ruby/parse.y:7870
/opt/ruby/lib/libruby.so.3.4(rb_parser_compile_string+0x57) [0x4001a25d07] /ruby/parse.y:16200
/opt/ruby/lib/libruby.so.3.4(process_options+0xc29) [0x4001ab6469] /ruby/ruby.c:2288
/opt/ruby/lib/libruby.so.3.4(ruby_process_options+0x146) [0x4001ab7526] /ruby/ruby.c:3012
/opt/ruby/lib/libruby.so.3.4(ruby_options+0xcc) [0x400196f88c] /ruby/eval.c:118
/opt/ruby/bin/ruby(rb_main+0x19) [0x400000117f] ./main.c:39
/opt/ruby/bin/ruby(main) ./main.c:58
/lib/x86_64-linux-gnu/libc.so.6(0x4002043d90) [0x4002043d90]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0x80) [0x4002043e40]
[0x40000011d5]

-- Other runtime information -----------------------------------------------

* Loaded script: ruby

* Loaded features:

    0 enumerator.so
    1 thread.rb
    2 fiber.so
    3 rational.so
    4 complex.so
    5 ruby2_keywords.rb
    6 /opt/ruby/lib/ruby/3.4.0+0/x86_64-linux/enc/encdb.so
    7 /opt/ruby/lib/ruby/3.4.0+0/x86_64-linux/enc/trans/transdb.so

* Process memory map:

4000000000-4000001000 r--p 00000000 fe:01 1690625                        /opt/ruby/bin/ruby
4000001000-4000002000 r-xp 00001000 fe:01 1690625                        /opt/ruby/bin/ruby
4000002000-4000003000 r--p 00002000 fe:01 1690625                        /opt/ruby/bin/ruby
4000003000-4000004000 r--p 00002000 fe:01 1690625                        /opt/ruby/bin/ruby
4000004000-4000005000 rw-p 00003000 fe:01 1690625                        /opt/ruby/bin/ruby
4000005000-40000cb000 rw-p 00000000 00:00 0                              
4001005000-4001006000 ---p 00000000 00:00 0                              
4001006000-4001806000 rw-p 00000000 00:00 0                              [stack]
4001806000-4001808000 r--p 00000000 fe:01 1584490                        /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
4001808000-4001832000 r-xp 00002000 fe:01 1584490                        /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
4001832000-400183d000 r--p 0002c000 fe:01 1584490                        /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
400183d000-400183e000 ---p 00000000 00:00 0                              
400183e000-4001840000 r--p 00037000 fe:01 1584490                        /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
4001840000-4001842000 rw-p 00039000 fe:01 1584490                        /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
4001842000-4001846000 rw-p 00000000 00:00 0                              
4001846000-4001892000 r--p 00000000 fe:01 1690976                        /opt/ruby/lib/libruby.so.3.4.0
4001892000-4001c9b000 r-xp 0004c000 fe:01 1690976                        /opt/ruby/lib/libruby.so.3.4.0
4001c9b000-4001e27000 r--p 00455000 fe:01 1690976                        /opt/ruby/lib/libruby.so.3.4.0
4001e27000-4001e3f000 r--p 005e0000 fe:01 1690976                        /opt/ruby/lib/libruby.so.3.4.0
4001e3f000-4001e43000 rw-p 005f8000 fe:01 1690976                        /opt/ruby/lib/libruby.so.3.4.0
4001e43000-4001e58000 rw-p 00000000 00:00 0                              
4001e5b000-4001e5d000 r--p 00000000 fe:01 1584639                        /usr/lib/x86_64-linux-gnu/libz.so.1.2.11
4001e5d000-4001e6e000 r-xp 00002000 fe:01 1584639                        /usr/lib/x86_64-linux-gnu/libz.so.1.2.11
4001e6e000-4001e74000 r--p 00013000 fe:01 1584639                        /usr/lib/x86_64-linux-gnu/libz.so.1.2.11
4001e74000-4001e75000 ---p 00019000 fe:01 1584639                        /usr/lib/x86_64-linux-gnu/libz.so.1.2.11
4001e75000-4001e76000 r--p 00019000 fe:01 1584639                        /usr/lib/x86_64-linux-gnu/libz.so.1.2.11
4001e76000-4001e77000 rw-p 0001a000 fe:01 1584639                        /usr/lib/x86_64-linux-gnu/libz.so.1.2.11
4001e77000-4001e81000 r--p 00000000 fe:01 1584537                        /usr/lib/x86_64-linux-gnu/libgmp.so.10.4.1
4001e81000-4001ee0000 r-xp 0000a000 fe:01 1584537                        /usr/lib/x86_64-linux-gnu/libgmp.so.10.4.1
4001ee0000-4001ef7000 r--p 00069000 fe:01 1584537                        /usr/lib/x86_64-linux-gnu/libgmp.so.10.4.1
4001ef7000-4001ef8000 r--p 0007f000 fe:01 1584537                        /usr/lib/x86_64-linux-gnu/libgmp.so.10.4.1
4001ef8000-4001ef9000 rw-p 00080000 fe:01 1584537                        /usr/lib/x86_64-linux-gnu/libgmp.so.10.4.1
4001ef9000-4001efb000 r--p 00000000 fe:01 1584517                        /usr/lib/x86_64-linux-gnu/libcrypt.so.1.1.0
4001efb000-4001f0f000 r-xp 00002000 fe:01 1584517                        /usr/lib/x86_64-linux-gnu/libcrypt.so.1.1.0
4001f0f000-4001f28000 r--p 00016000 fe:01 1584517                        /usr/lib/x86_64-linux-gnu/libcrypt.so.1.1.0
4001f28000-4001f29000 ---p 0002f000 fe:01 1584517                        /usr/lib/x86_64-linux-gnu/libcrypt.so.1.1.0
4001f29000-4001f2a000 r--p 0002f000 fe:01 1584517                        /usr/lib/x86_64-linux-gnu/libcrypt.so.1.1.0
4001f2a000-4001f2b000 rw-p 00030000 fe:01 1584517                        /usr/lib/x86_64-linux-gnu/libcrypt.so.1.1.0
4001f2b000-4001f33000 rw-p 00000000 00:00 0                              
4001f33000-4001f41000 r--p 00000000 fe:01 1584560                        /usr/lib/x86_64-linux-gnu/libm.so.6
4001f41000-4001fbd000 r-xp 0000e000 fe:01 1584560                        /usr/lib/x86_64-linux-gnu/libm.so.6
4001fbd000-4002018000 r--p 0008a000 fe:01 1584560                        /usr/lib/x86_64-linux-gnu/libm.so.6
4002018000-4002019000 r--p 000e4000 fe:01 1584560                        /usr/lib/x86_64-linux-gnu/libm.so.6
4002019000-400201a000 rw-p 000e5000 fe:01 1584560                        /usr/lib/x86_64-linux-gnu/libm.so.6
400201a000-4002042000 r--p 00000000 fe:01 1584508                        /usr/lib/x86_64-linux-gnu/libc.so.6
4002042000-40021d7000 r-xp 00028000 fe:01 1584508                        /usr/lib/x86_64-linux-gnu/libc.so.6
40021d7000-400222f000 r--p 001bd000 fe:01 1584508                        /usr/lib/x86_64-linux-gnu/libc.so.6
400222f000-4002233000 r--p 00214000 fe:01 1584508                        /usr/lib/x86_64-linux-gnu/libc.so.6
4002233000-4002235000 rw-p 00218000 fe:01 1584508                        /usr/lib/x86_64-linux-gnu/libc.so.6
4002235000-4002244000 rw-p 00000000 00:00 0                              
4002244000-4002247000 r--p 00000000 fe:01 1584533                        /usr/lib/x86_64-linux-gnu/libgcc_s.so.1
4002247000-400225e000 r-xp 00003000 fe:01 1584533                        /usr/lib/x86_64-linux-gnu/libgcc_s.so.1
400225e000-4002262000 r--p 0001a000 fe:01 1584533                        /usr/lib/x86_64-linux-gnu/libgcc_s.so.1
4002262000-4002263000 r--p 0001d000 fe:01 1584533                        /usr/lib/x86_64-linux-gnu/libgcc_s.so.1
4002263000-4002264000 rw-p 0001e000 fe:01 1584533                        /usr/lib/x86_64-linux-gnu/libgcc_s.so.1
4002264000-4002368000 rw-p 00000000 00:00 0                              
4002370000-4002380000 rw-p 00000000 00:00 0                              
4002388000-401b7e9000 rw-p 00000000 00:00 0                              
401b7f0000-401b800000 rw-p 00000000 00:00 0                              
401b810000-401b820000 rw-p 00000000 00:00 0                              
401b830000-401b840000 rw-p 00000000 00:00 0                              
401b850000-401b860000 rw-p 00000000 00:00 0                              
401b870000-401b880000 rw-p 00000000 00:00 0                              
401b889000-401b88a000 ---p 00000000 00:00 0                              
401b88a000-401c08a000 rw-p 00000000 00:00 0                              
401c08a000-401c08b000 ---p 00000000 00:00 0                              
401c08b000-401c12c000 rw-p 00000000 00:00 0                              
401c12c000-401c12d000 ---p 00000000 00:00 0                              
401c12d000-401c1ce000 rw-p 00000000 00:00 0                              
401c1ce000-401c1cf000 ---p 00000000 00:00 0                              
401c1cf000-401c270000 rw-p 00000000 00:00 0                              
401c270000-401c271000 ---p 00000000 00:00 0                              
401c271000-401c312000 rw-p 00000000 00:00 0                              
401c312000-401c313000 ---p 00000000 00:00 0                              
401c313000-401c3b4000 rw-p 00000000 00:00 0                              
401c3b4000-401c3b5000 ---p 00000000 00:00 0                              
401c3b5000-401c456000 rw-p 00000000 00:00 0                              
401c456000-401c457000 ---p 00000000 00:00 0                              
401c457000-401c4f8000 rw-p 00000000 00:00 0                              
401c4f8000-401c4f9000 ---p 00000000 00:00 0                              
401c4f9000-401c59a000 rw-p 00000000 00:00 0                              
401c59a000-401c59b000 ---p 00000000 00:00 0                              
401c59b000-401c63c000 rw-p 00000000 00:00 0                              
401c63c000-401c63d000 ---p 00000000 00:00 0                              
401c63d000-401c6de000 rw-p 00000000 00:00 0                              
401c6de000-401c6df000 ---p 00000000 00:00 0                              
401c6df000-401c780000 rw-p 00000000 00:00 0                              
401c780000-401c781000 ---p 00000000 00:00 0                              
401c781000-401c822000 rw-p 00000000 00:00 0                              
401c822000-401c823000 ---p 00000000 00:00 0                              
401c823000-401c8c4000 rw-p 00000000 00:00 0                              
401c8c4000-401c8c5000 ---p 00000000 00:00 0                              
401c8c5000-401c966000 rw-p 00000000 00:00 0                              
401c966000-401c967000 ---p 00000000 00:00 0                              
401c967000-401ca08000 rw-p 00000000 00:00 0                              
401ca08000-401ca09000 ---p 00000000 00:00 0                              
401ca09000-401caaa000 rw-p 00000000 00:00 0                              
401caaa000-401caab000 ---p 00000000 00:00 0                              
401caab000-401cb4c000 rw-p 00000000 00:00 0                              
401cb4c000-401cb4d000 ---p 00000000 00:00 0                              
401cb4d000-401cbee000 rw-p 00000000 00:00 0                              
401cbee000-401cbef000 ---p 00000000 00:00 0                              
401cbef000-401cc90000 rw-p 00000000 00:00 0                              
401cc90000-401cc91000 ---p 00000000 00:00 0                              
401cc91000-401cd32000 rw-p 00000000 00:00 0                              
401cd32000-401cd33000 ---p 00000000 00:00 0                              
401cd33000-401cdd4000 rw-p 00000000 00:00 0                              
401cdd4000-401cdd5000 ---p 00000000 00:00 0                              
401cdd5000-401ce76000 rw-p 00000000 00:00 0                              
401ce76000-401ce77000 ---p 00000000 00:00 0                              
401ce77000-401cf18000 rw-p 00000000 00:00 0                              
401cf18000-401cf19000 ---p 00000000 00:00 0                              
401cf19000-401cfba000 rw-p 00000000 00:00 0                              
401cfba000-401cfbb000 ---p 00000000 00:00 0                              
401cfbb000-401d05c000 rw-p 00000000 00:00 0                              
401d05c000-401d05d000 ---p 00000000 00:00 0                              
401d05d000-401d0fe000 rw-p 00000000 00:00 0                              
401d0fe000-401d0ff000 ---p 00000000 00:00 0                              
401d0ff000-401d1a0000 rw-p 00000000 00:00 0                              
401d1a0000-401d1a1000 ---p 00000000 00:00 0                              
401d1a1000-401d242000 rw-p 00000000 00:00 0                              
401d242000-401d243000 ---p 00000000 00:00 0                              
401d243000-401d2e4000 rw-p 00000000 00:00 0                              
401d2e4000-401d2e5000 ---p 00000000 00:00 0                              
401d2e5000-401d386000 rw-p 00000000 00:00 0                              
401d386000-401d387000 ---p 00000000 00:00 0                              
401d387000-401d428000 rw-p 00000000 00:00 0                              
401d428000-401d429000 ---p 00000000 00:00 0                              
401d429000-401d4ca000 rw-p 00000000 00:00 0                              
401d4ca000-401d4cb000 r--p 00000000 fe:01 3870170                        /opt/ruby/lib/ruby/3.4.0+0/x86_64-linux/enc/encdb.so
401d4cb000-401d4cc000 r-xp 00001000 fe:01 3870170                        /opt/ruby/lib/ruby/3.4.0+0/x86_64-linux/enc/encdb.so
401d4cc000-401d4cd000 r--p 00002000 fe:01 3870170                        /opt/ruby/lib/ruby/3.4.0+0/x86_64-linux/enc/encdb.so
401d4cd000-401d4ce000 r--p 00002000 fe:01 3870170                        /opt/ruby/lib/ruby/3.4.0+0/x86_64-linux/enc/encdb.so
401d4ce000-401d4cf000 rw-p 00003000 fe:01 3870170                        /opt/ruby/lib/ruby/3.4.0+0/x86_64-linux/enc/encdb.so
401d4d0000-401d4e0000 rw-p 00000000 00:00 0                              
401d4ef000-401d4f0000 r--p 00000000 fe:01 3870214                        /opt/ruby/lib/ruby/3.4.0+0/x86_64-linux/enc/trans/transdb.so
401d4f0000-401d4f1000 r-xp 00001000 fe:01 3870214                        /opt/ruby/lib/ruby/3.4.0+0/x86_64-linux/enc/trans/transdb.so
401d4f1000-401d4f2000 r--p 00002000 fe:01 3870214                        /opt/ruby/lib/ruby/3.4.0+0/x86_64-linux/enc/trans/transdb.so
401d4f2000-401d4f3000 r--p 00002000 fe:01 3870214                        /opt/ruby/lib/ruby/3.4.0+0/x86_64-linux/enc/trans/transdb.so
401d4f3000-401d4f4000 rw-p 00003000 fe:01 3870214                        /opt/ruby/lib/ruby/3.4.0+0/x86_64-linux/enc/trans/transdb.so
401d4f4000-401d52a000 r--- 00000000 fe:01 1690625                        /opt/ruby/bin/ruby
401d52a000-401e852000 r--- 00000000 fe:01 1690976                        /opt/ruby/lib/libruby.so.3.4.0
401e852000-401ff77000 rw-p 00000000 00:00 0                              
401ff77000-4020195000 r--- 00000000 fe:01 1584508                        /usr/lib/x86_64-linux-gnu/libc.so.6
ffffffffff600000-ffffffffff601000 --xp 00000000 00:00 0                  [vsyscall]


qemu: uncaught target signal 11 (Segmentation fault) - core dumped
Segmentation fault
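
A crash like the one above takes the whole interpreter down, so the natural way to check a build against these reproducers is to syntax-check each snippet in a child `ruby -c -e` process and classify the exit status, which is what the script below does. It is an added example, not code from the bug report or from ruby/ruby; it assumes the interpreter under test is the one running the script (`RbConfig.ruby`, overridable via the `ruby:` keyword), and the function and constant names are the example's own.

```ruby
require "open3"
require "rbconfig"

# Assumption (not from the bug report): the ruby under test is the one running
# this script. Pass ruby: "/path/to/other/ruby" to check a different build.
RUBY_BIN = RbConfig.ruby

# Syntax-check SRC with `ruby -c -e` in a child process. A parser segfault then
# kills the child rather than this checker, so every snippet gets classified.
# Result hash carries :result => :ok, :syntax_error or :crash.
def check_parse(src, ruby: RUBY_BIN)
  # RUBYOPT is cleared so a stray -rbundler/setup etc. cannot skew the result.
  _out, err, status = Open3.capture3({ "RUBYOPT" => nil }, ruby,
                                     "--disable-gems", "-c", "-e", src)
  if status.signaled?
    # MRI's crash handler prints the "[BUG]" report and then aborts, so the
    # terminating signal is often ABRT rather than SEGV; report whichever it was.
    { result: :crash,
      signal: Signal.signame(status.termsig),
      report: err.lines.first.to_s.strip }
  elsif status.success?
    { result: :ok }
  else
    { result: :syntax_error, message: err.lines.first.to_s.strip }
  end
end

# The inputs from the bug report: an empty `begin` as the singleton receiver.
CRASHERS = [
  "def (begin;end).foo; end",
  "def (begin;else;end).foo; end",
  "def (begin;ensure;else;end).foo; end",
].freeze

# The variants the reporter found to be accepted ("Syntax OK").
SAFE = [
  "def (begin;rescue;end).foo; end",
  "def (begin;ensure;end).foo; end",
  "def (begin;rescue;else;end).foo; end",
].freeze

# Two controls (constructed for this example) that pin down the classifier:
# a trivially valid definition and a trivially invalid one that must not crash.
CONTROLS = {
  "def foo; end" => :ok,
  "def ("        => :syntax_error,
}.freeze

# Run every snippet and return { src => result } so the caller can see which
# inputs, if any, bring the parser down.
def run_reproducers(ruby: RUBY_BIN)
  (CRASHERS + SAFE + CONTROLS.keys).to_h do |src|
    [src, check_parse(src, ruby: ruby)[:result]]
  end
end

# True when no snippet terminated the child by signal, i.e. this build does
# not exhibit #20234.
def parser_fixed?(ruby: RUBY_BIN)
  run_reproducers(ruby: ruby).values.none? { |r| r == :crash }
end

if __FILE__ == $0
  run_reproducers.each { |src, result| printf("%-13s %s\n", result, src) }
  puts(parser_fixed? ? "no parser crash: fix present" : "parser crash: affected build")
end
```

Keeping the reproducers out of process matters for more than convenience: `RubyVM::AbstractSyntaxTree.parse` and `-c` both run the same `parse.y` parser, so an in-process check would die on the first crasher and never reach the rest. `Ripper` is a separate parser build and, as the report notes, is unaffected, which is why it cannot stand in for this test.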

Updated by eileencodes (Eileen Uchitelle) 3 months ago

I made an attempt to fix this at https://github.com/ruby/ruby/pull/9948. I added all the tests mentioned here. I'm not familiar with this code so I'm not 100% sure that this is right, but in looking at lldb I noticed that the expr returned from last_expr_node was null and that's not what we want.

#2

Updated by eileencodes (Eileen Uchitelle) 2 months ago

  • Status changed from Open to Closed

Applied in changeset git|50ace992c75724aac6765b944f9017e21901e276.


[Bug #20234] Fix segv when parsing begin statement in method definition

In a method definition, the begin may not have an nd_body. When that
happens we get a null expr back from last_expr_node which causes a
segv for the following examples:

def (begin;end).foo; end
def (begin;else;end).foo; end
def (begin;ensure;else;end).foo; end

In addition, I've added tests for other cases that weren't causing a
segv but appeared untested.

Fixes https://bugs.ruby-lang.org/issues/20234
