Bug #20239

closed

Segmentation fault when using Regex on a large String

Added by martinsp (Martins Polakovs) 4 months ago. Updated 4 months ago.

Status:
Closed
Assignee:
-
Target version:
-
ruby -v:
ruby 3.3.0 (2023-12-25 revision 5124f9ac75) [aarch64-linux]
[ruby-core:116597]

Description

Since v3.2.0, Ruby crashes with a segmentation fault on the following script, with a [BUG] Segmentation fault at ... message:

require "rbconfig/sizeof"
("\u{0101}" + "a" * RbConfig::LIMITS["INT_MAX"] + "b").match(/b/)

Crash can be reproduced on the following ruby versions:

  • ruby 3.2.0 (2022-12-25 revision a528908271) [aarch64-linux]
  • ruby 3.2.3 (2024-01-18 revision 52bb2ac0a6) [aarch64-linux]
  • ruby 3.3.0 (2023-12-25 revision 5124f9ac75) [aarch64-linux]

ruby 3.1.4p223 (2023-03-30 revision 957bb7cb81) [aarch64-linux] works as expected.

It seems that the call to enclen inside str_lower_case_match returns a negative offset in this case: https://bugs.ruby-lang.org/projects/ruby-master/repository/git/revisions/v3_3_0/entry/regexec.c#L4180

Actions #1

Updated by nobu (Nobuyoshi Nakada) 4 months ago

  • Status changed from Open to Closed

Applied in changeset git|75aaeb35b82da26359b9418d2963384d0c55839c.


[Bug #20239] Fix overflow at down-casting
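
Added example, not part of the original report and not Ruby's source: a minimal C model of the bug class named in the commit title, where a byte count larger than INT_MAX is narrowed to int before a length comparison and the clamped character length comes out negative. The function names are hypothetical, and the input size is constructed from the reproducer above (a 2-byte character, INT_MAX one-byte characters, one more byte); the sketch assumes a compiler where out-of-range conversion to int wraps, as on gcc and clang.

```c
#include <stdint.h>
#include <limits.h>
#include <stdio.h>

/* Hypothetical helper: clamp a decoded character length to the bytes left
 * in the buffer. The comparison happens after narrowing `remaining` to int,
 * so a remaining count above INT_MAX becomes a negative number
 * (implementation-defined conversion; wraps on common compilers). */
static int clamp_len_narrow(int char_len, int64_t remaining)
{
    if (char_len > (int)remaining)
        char_len = (int)remaining;
    return char_len;
}

/* Same clamp with the comparison done in the wide type. For a non-negative
 * `remaining`, the narrowing cast is only reached when remaining < char_len,
 * so the value always fits in int. */
static int clamp_len_wide(int char_len, int64_t remaining)
{
    if ((int64_t)char_len > remaining)
        char_len = (int)remaining;
    return char_len;
}

/* Constructed size mirroring the reproducer: "\u{0101}" is 2 bytes in
 * UTF-8, followed by INT_MAX bytes of "a" and one byte of "b". */
static int64_t report_string_bytes(void)
{
    return 2 + (int64_t)INT_MAX + 1;
}

int main(void)
{
    int64_t total = report_string_bytes();
    printf("total bytes      : %lld\n", (long long)total);
    printf("narrow clamp of 2: %d\n", clamp_len_narrow(2, total));
    printf("wide clamp of 2  : %d\n", clamp_len_wide(2, total));
    printf("wide clamp at end: %d\n", clamp_len_wide(2, 1));
    return 0;
}
```

A negative length used as a pointer advance moves the scan position backwards out of the buffer, which is consistent with the negative offset described in the report.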
