Project

General

Profile

Bug #2035

Segfault in parser (list_concat_gen)

Added by Cezary (Cezary Baginski) over 10 years ago. Updated over 8 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
ruby -v:
ruby 1.9.2dev (2009-09-02 trunk 24738) [x86_64-linux]
Backport:
[ruby-core:25314]

Description

=begin
The following code:

 a = :a; "#{a} " "#{a} " "value #{a}"

causes a segfault in list_concat_gen.

A attached a new test (patch) for this in bootstraptest/test_literal.rb.

Here is a gdb session:
$ cat a.rb

a = 'a'; "#{a} " "#{a} " "value #{a}"
$ gdb --args ruby a.rb
------------- (snip) ---------------
(gdb) run
Starting program: /usr/local/bin/ruby a.rb
------------- (snip) ---------------
Program received signal SIGSEGV, Segmentation fault.
0x000000000046a099 in list_concat_gen (parser=0x92f740, head=0x81b398, tail=0x81b208) at parse.y:7785
7785 last->nd_next = tail;
(gdb) bt
#0 0x000000000046a099 in list_concat_gen (parser=0x92f740, head=0x81b398, tail=0x81b208) at parse.y:7785
#1 0x000000000046a3f1 in literal_concat_gen (parser=0x92f740, head=0x81b398, tail=0x81b208) at parse.y:7857
#2 0x000000000045f5b5 in ruby_yyparse (parser=0x92f740) at parse.y:3770
#3 0x000000000046202d in yycompile0 (arg=9631552, tracing=0) at parse.y:5004
#4 0x000000000052943a in ruby_suppress_tracing (func=0x461f0b , arg=9631552, always=2) at thread.c:3862
#5 0x00000000004621b8 in yycompile (parser=0x92f740, f=0x84f428 "a.rb", line=1) at parse.y:5030
#6 0x0000000000462726 in rb_parser_compile_file (vparser=8701280, f=0x84f428 "a.rb", file=8500680, start=1) at parse.y:5159
#7 0x00000000004b0436 in load_file_internal (arg=140737488342864) at ruby.c:1585
#8 0x000000000041b7d8 in rb_ensure (b_proc=0x4afdb2 , data1=140737488342864, e_proc=0x4b04cf , data2=1) at eval.c:680
#9 0x00000000004b054a in load_file (parser=8701280, fname=0x84f428 "a.rb", script=1, opt=0x7fffffffe080) at ruby.c:1613
------------- (snip) ---------------
(gdb) inspect *head
$1 = {flags = 47644, nd_file = 0x0, u1 = {node = 0x4, id = 4, value = 4, cfunc = 0x4, tbl = 0x4}, u2 = {node = 0x81b235, id = 8499765, argc = 8499765, value = 8499765}, u3 = {node = 0x81b370,
id = 8500080, state = 8500080, entry = 0x81b370, cnt = 8500080, value = 8500080}}
(gdb) inspect head->u3.node
$3 = (struct RNode *) 0x81b370
(gdb) inspect *head->u3.node
$4 = {flags = 42780, nd_file = 0x0, u1 = {node = 0x81b410, id = 8500240, value = 8500240, cfunc = 0x81b410, tbl = 0x81b410}, u2 = {node = 0x1, id = 1, argc = 1, value = 1}, u3 = {node = 0x81b348,
id = 8500040, state = 8500040, entry = 0x81b348, cnt = 8500040, value = 8500040}}
(gdb) inspect *head->u3.node->u2.node
Cannot access memory at address 0x1
(gdb) inspect head->u3.node->u2.node
$5 = (struct RNode *) 0x1
(gdb)
=end


Files

literal_segfault_assert.patch (518 Bytes) literal_segfault_assert.patch new test that causes segfault Cezary (Cezary Baginski), 09/03/2009 04:28 PM

History

#1

Updated by nobu (Nobuyoshi Nakada) over 10 years ago

  • Status changed from Open to Closed

=begin
Applied in changeset r24741.
=end

Also available in: Atom PDF