Backport #4367

closed

Thread.kill segfaults when the object to be killed isn't a thread

Added by agrimm (Andrew Grimm) about 13 years ago. Updated over 11 years ago.

Status:
Closed
[ruby-core:35086]

Description

=begin
If something other than a thread is supplied to Thread.kill, a segfault occurs. For example, Thread.kill(nil) causes a segfault:

Andrew-Grimms-MacBook-Pro:~ agrimm$ ruby
Thread.kill(nil)
-:1: [BUG] Segmentation fault
ruby 1.9.3dev (2011-01-29 trunk 30720) [x86_64-darwin10.4.0]

-- Control frame information -----------------------------------------------
c:0004 p:---- s:0010 b:0010 l:000009 d:000009 CFUNC :kill
c:0003 p:0016 s:0006 b:0006 l:002358 d:000798 EVAL -:1
c:0002 p:---- s:0004 b:0004 l:000003 d:000003 FINISH
c:0001 p:0000 s:0002 b:0002 l:002358 d:002358 TOP

-- Ruby level backtrace information ----------------------------------------
-:1:in `<main>'
-:1:in `kill'

-- See Crash Report log file under ~/Library/Logs/CrashReporter or ---------
-- /Library/Logs/CrashReporter, for the more detail of ---------------------
-- C level backtrace information -------------------------------------------

-- Other runtime information -----------------------------------------------

  • Loaded script: -

  • Loaded features:

    0 enumerator.so
    1 /Users/agrimm/.rvm/rubies/ruby-head/lib/ruby/1.9.1/x86_64-darwin10.4.0/enc/encdb.bundle
    2 /Users/agrimm/.rvm/rubies/ruby-head/lib/ruby/1.9.1/x86_64-darwin10.4.0/enc/trans/transdb.bundle
    3 /Users/agrimm/.rvm/rubies/ruby-head/lib/ruby/1.9.1/rubygems/defaults.rb
    4 /Users/agrimm/.rvm/rubies/ruby-head/lib/ruby/1.9.1/x86_64-darwin10.4.0/rbconfig.rb
    5 /Users/agrimm/.rvm/rubies/ruby-head/lib/ruby/1.9.1/thread.rb
    6 /Users/agrimm/.rvm/rubies/ruby-head/lib/ruby/1.9.1/rubygems/exceptions.rb
    7 /Users/agrimm/.rvm/rubies/ruby-head/lib/ruby/1.9.1/rubygems/custom_require.rb
    8 /Users/agrimm/.rvm/rubies/ruby-head/lib/ruby/1.9.1/rubygems.rb

[NOTE]
You may have encountered a bug in the Ruby interpreter or extension libraries.
Bug reports are welcome.
For details: http://www.ruby-lang.org/bugreport.html

Abort trap
=end


Files

ruby_2011-02-05-003336_Andrew-Grimms-MacBook-Pro.crash (4.29 KB), Crash Report log file, agrimm (Andrew Grimm), 02/04/2011 10:43 PM
thread_kill_subclass.patch (451 Bytes), nagachika (Tomoyuki Chikanaga), 06/09/2011 11:21 PM

Actions #1

Updated by kosaki (Motohiro KOSAKI) about 13 years ago

=begin
2011/2/4 Andrew Grimm :

Bug #4367: Thread.kill segfaults when the object to be killed isn't a thread
http://redmine.ruby-lang.org/issues/show/4367

Author: Andrew Grimm
Status: Open, Priority: Normal
ruby -v: ruby 1.9.3dev (2011-01-29 trunk 30720) [x86_64-darwin10.4.0]

If something other than a thread is supplied to Thread.kill, a segfault occurs. For example, Thread.kill(nil) causes a segfault:

Andrew-Grimms-MacBook-Pro:~ agrimm$ ruby
Thread.kill(nil)
-:1: [BUG] Segmentation fault
ruby 1.9.3dev (2011-01-29 trunk 30720) [x86_64-darwin10.4.0]

Good catch!

Yes, the current GetThreadPtr has no type check and can make a bad cast.
I'll fix it soon.

=end

Actions #2

Updated by kosaki (Motohiro KOSAKI) about 13 years ago

  • Status changed from Open to Closed
  • % Done changed from 0 to 100

=begin
This issue was solved with changeset r30781.
Andrew, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.


  • vm_core.h (GetThreadPtr): use TypedData_Get_Struct() instead of
    CoreDataFromValue() because we need type check. Otherwise,
    type mismatch can cause segmentation fault crash.
    [ruby-core:35086] [Ruby 1.9-Bug#4367]

  • vm.c (thread_data_type): remove static.
=end

Actions #3

Updated by kosaki (Motohiro KOSAKI) about 13 years ago

  • Category set to core
  • Status changed from Closed to Assigned
  • Assignee set to yugui (Yuki Sonoda)
  • Target version set to 1.9.2

=begin
I bet this needs to be backported.
=end

Actions #4

Updated by nobu (Nobuyoshi Nakada) about 13 years ago

  • Category set to core


Actions #5

Updated by yugui (Yuki Sonoda) almost 13 years ago

  • Status changed from Assigned to Closed

This issue was solved with changeset r31402.
Andrew, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.


Updated by nagachika (Tomoyuki Chikanaga) almost 13 years ago

Hi,

I found by change current 1.9.2-head raises TypeError like below.

class T < Thread
end
t = T.new { sleep }
Thread.kill(t) #=> TypeError

I attach a patch for it.
And a test for it was committed in r31967 in trunk. Please backport that.

Regards,

Updated by nagachika (Tomoyuki Chikanaga) almost 13 years ago

Sorry, I forgot to attach the patch. Here it is.
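
A regression check for the two behaviours discussed in this thread, added here as an example and not taken from the posts above or from Ruby's own test suite: non-thread arguments to Thread.kill must raise TypeError instead of crashing the interpreter, and instances of a Thread subclass must still be killable. Each case runs in a child interpreter so that a segfault is reported rather than ending the check; PROBES, probe and run_probes are hypothetical names, and the probe snippets are constructed.

```ruby
require "rbconfig"
require "open3"

# Constructed probe cases: label => snippet evaluated in a child interpreter.
PROBES = {
  "nil"             => "Thread.kill(nil)",
  "integer"         => "Thread.kill(42)",
  "string"          => "Thread.kill('not a thread')",
  "plain thread"    => "Thread.kill(Thread.new { sleep })",
  "thread subclass" => "class T < Thread; end; Thread.kill(T.new { sleep })",
}.freeze

# Runs one snippet in a separate process, so an interpreter crash cannot take
# the checker down with it, and classifies the outcome.
def probe(snippet)
  wrapper = <<~RUBY
    begin
      #{snippet}
      print "OK"
    rescue TypeError
      print "TYPE_ERROR"
    end
  RUBY
  out, _err, status = Open3.capture3(RbConfig.ruby, "-e", wrapper)
  # A [BUG] segfault ends in abort(), so the child dies from a signal.
  return :crashed if status.signaled?
  return :error unless status.success?
  out == "TYPE_ERROR" ? :type_error : :ok
end

# Returns a hash of label => :ok, :type_error, :error or :crashed.
def run_probes
  PROBES.transform_values { |snippet| probe(snippet) }
end

if $PROGRAM_NAME == __FILE__
  run_probes.each { |label, result| puts format("%-16s %s", label, result) }
end
```

On an interpreter with the type check in place, the three non-thread cases report type_error and both thread cases report ok; crashed on any line means the unchecked cast is still reachable.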
