Backport #7402

Avoid calling methods on user objects from segfault handler

Added by charliesome (Charlie Somerville) about 7 years ago. Updated about 7 years ago.



When the segfault handler is listing loaded features, it iterates through $LOADED_FEATURES and calls StringValueCStr() on each item. This in turn calls #to_str on the object.

If a #to_str method is defined on a non-T_STRING, it is possible to have code run during the segfault handler. If an exception is raised or a tag is thrown, it is possible to escape the segfault handler and recover from a segmentation fault.

I've attached a patch that checks if an item in $LOADED_FEATURES is a T_STRING, and calls rb_any_to_s() if not. This will avoid calling any methods which could potentially call back into Ruby-land.


avoid-calling-methods-in-segfault-handler.patch (658 Bytes) avoid-calling-methods-in-segfault-handler.patch charliesome (Charlie Somerville), 11/19/2012 06:33 PM

Updated by mame (Yusuke Endoh) about 7 years ago

  • Status changed from Open to Assigned
  • Assignee set to ko1 (Koichi Sasada)
  • Target version set to 2.0.0

Updated by ko1 (Koichi Sasada) about 7 years ago

  • Assignee changed from ko1 (Koichi Sasada) to nobu (Nobuyoshi Nakada)

nobu, could you check it?


Updated by nobu (Nobuyoshi Nakada) about 7 years ago

  • Status changed from Assigned to Closed
  • % Done changed from 0 to 100

This issue was solved with changeset r38041.
Charlie, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.

vm_dump.c: no methods in segv handler

  • vm_dump.c (rb_vm_bugreport): get rid of calling methods in sigsegv handler. based on a patch by charliesome (Charlie Somerville) [ruby-core:49573] [Bug #7402]

Updated by nobu (Nobuyoshi Nakada) about 7 years ago

  • Tracker changed from Bug to Backport
  • Project changed from Ruby master to Backport193
  • Status changed from Closed to Assigned
  • Assignee changed from nobu (Nobuyoshi Nakada) to usa (Usaku NAKAMURA)
  • Target version deleted (2.0.0)

Updated by naruse (Yui NARUSE) about 7 years ago

  • Status changed from Assigned to Closed

r38335 fixed testing issue: it generates garbage core file.

Also available in: Atom PDF