Bug #20239
Closed
Segmentation fault when using Regex on a large String
Description
Since v3.2.0, ruby crashes with a segmentation fault on the following script, with a [BUG] Segmentation fault at ...
require "rbconfig/sizeof"
("\u{0101}" + "a" * RbConfig::LIMITS["INT_MAX"] + "b").match(/b/)
Crash can be reproduced on the following ruby versions:
- ruby 3.2.0 (2022-12-25 revision a528908271) [aarch64-linux]
- ruby 3.2.3 (2024-01-18 revision 52bb2ac0a6) [aarch64-linux]
- ruby 3.3.0 (2023-12-25 revision 5124f9ac75) [aarch64-linux]
ruby 3.1.4p223 (2023-03-30 revision 957bb7cb81) [aarch64-linux] works as expected
It seems that the call to enclen inside str_lower_case_match returns a negative offset in this case: https://bugs.ruby-lang.org/projects/ruby-master/repository/git/revisions/v3_3_0/entry/regexec.c#L4180
Updated by nobu (Nobuyoshi Nakada) 11 months ago
- Status changed from Open to Closed
Applied in changeset git|75aaeb35b82da26359b9418d2963384d0c55839c.
[Bug #20239] Fix overflow at down-casting
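The failure mode named in the report and in the fix title (a length that turns negative after a down-cast), as an added C example that is not code from regexec.c or from the Ruby project. It assumes a 64-bit remaining-byte count is narrowed to int and simulates only byte offsets of the reproducer's string; `span_to_int_unchecked`, `span_to_int_saturating` and `step` are hypothetical names.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the reproducer's subject: 2 bytes for U+0101 in
   UTF-8, INT_MAX bytes of "a", 1 byte of "b". Nothing is allocated; only
   byte offsets are simulated. */
#define SUBJECT_BYTES ((int64_t)2 + (int64_t)INT_MAX + 1)

/* Assumed defective shape: a 64-bit remaining-byte count narrowed to int.
   The out-of-range conversion is implementation-defined; on common
   two's-complement targets it wraps to a negative value. */
static int span_to_int_unchecked(int64_t remaining) {
    return (int)remaining;
}

/* Hardened shape: saturate into [0, INT_MAX] before narrowing. */
static int span_to_int_saturating(int64_t remaining) {
    if (remaining < 0) return 0;
    if (remaining > INT_MAX) return INT_MAX;
    return (int)remaining;
}

/* Hypothetical scanner step: advance by the character length, capped by the
   bytes left. Returns the new offset, or -1 when the step is not a forward
   move inside the subject (the condition that would be an out-of-bounds
   access on a real pointer). */
static int64_t step(int64_t pos, int char_len, int (*narrow)(int64_t)) {
    int left = narrow(SUBJECT_BYTES - pos);
    int adv = char_len < left ? char_len : left;
    int64_t next = pos + adv;
    if (adv <= 0 || next > SUBJECT_BYTES) return -1;
    return next;
}

int main(void) {
    printf("unchecked span at offset 0: %d\n", span_to_int_unchecked(SUBJECT_BYTES));
    printf("saturated span at offset 0: %d\n", span_to_int_saturating(SUBJECT_BYTES));
    printf("step, unchecked:  %lld\n", (long long)step(0, 2, span_to_int_unchecked));
    printf("step, saturating: %lld\n", (long long)step(0, 2, span_to_int_saturating));
    return 0;
}
```

In this model the unchecked narrowing becomes exact again once no more than INT_MAX bytes remain (offset 3), so only the leading part of an over-long subject produces the negative length.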
Updated by nagachika (Tomoyuki Chikanaga) 6 months ago
- Backport changed from 3.0: UNKNOWN, 3.1: UNKNOWN, 3.2: UNKNOWN, 3.3: UNKNOWN to 3.2: REQUIRED, 3.3: REQUIRED
Updated by nagachika (Tomoyuki Chikanaga) 6 months ago
- Backport changed from 3.2: REQUIRED, 3.3: REQUIRED to 3.2: DONE, 3.3: REQUIRED
ruby_3_2 2b35d80834f14011f7d313f8fac7855dc9949f70 merged revision(s) 75aaeb35b82da26359b9418d2963384d0c55839c.
Updated by k0kubun (Takashi Kokubun) 6 months ago
- Backport changed from 3.2: DONE, 3.3: REQUIRED to 3.2: DONE, 3.3: DONE
ruby_3_3 df8a08fb6a1f173a9c25db15fbe390096f39c2ff merged revision(s) 75aaeb35b82da26359b9418d2963384d0c55839c.