Project

General

Profile

Actions
Copy link

Bug #21441

closed

SEGV during thread cleanup if profiler calls thread_profiles_frames at wrong time

Bug #21441: SEGV during thread cleanup if profiler calls thread_profiles_frames at wrong time

Added by luke-gru (Luke Gruber) 4 months ago. Updated 3 months ago.

Status:
Closed
Assignee:
-
Target version:
-
ruby -v:
3.5.0
Backport:
3.2: UNKNOWN, 3.3: DONE, 3.4: DONE
[ruby-core:122548]

Description

During thread cleanup, if a ruby sampling profiler calls thread_profile_frames at just the wrong time, the ec's stack is cleared but the CFP still exists on the EC, so thread_profile_frames assumes it can walk the stack and crashes.

In rb_ec_clear_vm_stack, it should set cfp to NULL before clearing the stack. If during rc_ec_clear_vm_stack the process gets a signal and this thread handles it and calls thread_profile_frames, the early return check of if (!cfp) fails, it continues and crashes in this function.

Actions
Copy link

Also available in: PDF Atom