Bug #5720

Exceptions can be caused via eval that evade exception handling

Added by gabrielg (Gabriel Gironda) over 10 years ago. Updated over 6 years ago.

Status: Closed
Priority: Normal
Assignee: -
Target version: -
ruby -v: 1.9.2-p290, 1.9.3-p0, 1.9.3-HEAD
[ruby-core:41520]

Description

While poking at #5719, I discovered it's possible to cause an exception via Kernel#eval that leaks through any surrounding rescue block. Please see the gist for details. I tested against 1.9.2-p290, 1.9.3-p0, and HEAD of the 1.9.3 branch.

https://gist.github.com/ec12e41efda564ccac7a

Updated by nobu (Nobuyoshi Nakada) over 10 years ago

  • Status changed from Open to Closed
  • % Done changed from 0 to 100

This issue was solved with changeset r33970.
Gabriel, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.


  • vm.c (vm_set_top_stack, vm_set_eval_stack): check for stack
    overflow with stack_max before push new frame. [ruby-core:41520]
    [Bug #5720]
  • vm.c (vm_set_main_stack): no stack overflow chances after
    vm_set_eval_stack().

Updated by headius (Charles Nutter) over 6 years ago

A question about the test you added, nobu:

  def test_too_many_args_in_eval
    bug5720 = '[ruby-core:41520]'
    arg_string = (0...140000).to_a.join(", ")
    assert_raise(SystemStackError, bug5720) {eval "raise(#{arg_string})"}
  end

Why SystemStackError? Why isn't it ArgumentError, since raise does not take 140000 arguments?

In JRuby, we currently raise ArgumentError for this.

Updated by nobu (Nobuyoshi Nakada) over 6 years ago

It occurs when pushing arguments onto the VM stack, before the arity check.
The check cannot be before it since there may be splats.
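
The ordering described above, as an added Ruby example that is not part of the thread or of Ruby's test suite: with a splat the argument count is only known at call time, so the arity check has to follow the argument push, and an oversized literal list can fail before arity is ever checked. `two_args`, `outcome_of`, `caught_by_bare_rescue?` and `HUGE_CALL` are hypothetical names, and the result of the oversized call depends on the implementation, as the comments above note.

```ruby
# Added illustration; two_args, outcome_of, caught_by_bare_rescue? and
# HUGE_CALL are hypothetical names, not part of Ruby or its test suite.

# A method with a fixed arity of two.
def two_args(a, b)
  [a, b]
end

# Constructed input: one call with 140000 literal arguments, the same
# shape as the regression test quoted in the thread.
HUGE_CALL = "raise(#{(0...140_000).to_a.join(', ')})"

# Evaluate +src+ and return :ok, or the class of the error it raised.
# SystemStackError is listed explicitly because it descends from
# Exception, not StandardError, so it has to be named to be rescued.
def outcome_of(src)
  eval(src)
  :ok
rescue StandardError, SystemStackError => e
  e.class
end

# True when a bare `rescue` (which means `rescue StandardError`)
# would handle an exception of class +klass+.
def caught_by_bare_rescue?(klass)
  klass.ancestors.include?(StandardError)
end

if __FILE__ == $PROGRAM_NAME
  # Splat: the argument count comes from the array at run time, so the
  # arity check can only happen after the arguments are pushed.
  p outcome_of('two_args(*[1, 2])')      # two values, call succeeds
  p outcome_of('two_args(*[1, 2, 3])')   # three values, arity error
  # Oversized literal list: the thread reports SystemStackError on MRI
  # and ArgumentError on JRuby.
  p outcome_of(HUGE_CALL)
  p caught_by_bare_rescue?(SystemStackError)
end
```

Code that wraps `eval` of large or generated input should name `SystemStackError` in its handler, as `outcome_of` does, instead of relying on a bare `rescue`.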

Updated by usa (Usaku NAKAMURA) over 6 years ago

  • Backport changed from 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN, 2.3: UNKNOWN to 2.0.0: DONTNEED, 2.1: DONTNEED, 2.2: DONTNEED, 2.3: DONTNEED