Backport #7402
Closed
Avoid calling methods on user objects from segfault handler
Description
When the segfault handler is listing loaded features, it iterates through $LOADED_FEATURES and calls StringValueCStr() on each item. This in turn calls #to_str on the object.
If a #to_str method is defined on a non-T_STRING, it is possible to have code run during the segfault handler. If an exception is raised or a tag is thrown, it is possible to escape the segfault handler and recover from a segmentation fault.
I've attached a patch that checks if an item in $LOADED_FEATURES is a T_STRING, and calls rb_any_to_s() if not. This will avoid calling any methods which could potentially call back into Ruby-land.
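The failure mode and the fix described in this report, as an added example that is not the attached patch or Ruby's `vm_dump.c`: a self-contained toy model in which a crash-report loop either coerces each list entry through a user hook or checks the type tag first. All names are hypothetical, the feature list is constructed, and `longjmp` stands in for a raised exception or thrown tag.

```c
/* Toy model (constructed, hypothetical names): not Ruby's vm_dump.c. */
#include <setjmp.h>
#include <stdio.h>

enum type { T_STR, T_OBJ };
struct obj {
    enum type type;
    const char *cstr;                    /* valid only when type == T_STR */
    const char *(*to_str)(struct obj *); /* user-defined hook; may not return */
};
static jmp_buf escape_tag; /* stands in for a raise/throw caught outside the handler */
static int hook_calls;

/* Constructed user hook: records the call, then unwinds out of its caller. */
static const char *raising_to_str(struct obj *o) {
    (void)o;
    hook_calls++;
    longjmp(escape_tag, 1);
}
/* Pre-fix shape: coerce every entry, dispatching to the user hook. */
static const char *coerce_unsafe(struct obj *o) {
    return o->type == T_STR ? o->cstr : o->to_str(o);
}
/* Post-fix shape: read strings directly, describe anything else with no dispatch. */
static const char *describe_safe(struct obj *o, char *buf, size_t n) {
    if (o->type == T_STR) return o->cstr;
    snprintf(buf, n, "#<Object:%p>", (void *)o);
    return buf;
}
/* Crash-report loop. Returns entries printed, or -1 if control left the loop. */
static int dump_features(struct obj **list, int len, int safe) {
    char buf[64];
    if (setjmp(escape_tag)) return -1;
    for (int i = 0; i < len; i++)
        fprintf(stderr, "  %d %s\n", i,
                safe ? describe_safe(list[i], buf, sizeof buf) : coerce_unsafe(list[i]));
    return len;
}
/* Constructed feature list: two strings around one non-string entry. */
static int run_demo(int safe) {
    struct obj a = { T_STR, "enumerator.so", NULL }, c = { T_STR, "rubygems.rb", NULL };
    struct obj b = { T_OBJ, NULL, raising_to_str };
    struct obj *features[] = { &a, &b, &c };
    hook_calls = 0;
    return dump_features(features, 3, safe);
}
int main(void) {
    printf("unsafe=%d safe=%d\n", run_demo(0), run_demo(1));
    return 0;
}
```

In the unsafe run the report stops at the second entry because the hook never returns; in the safe run all three entries are printed and the hook is never invoked.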
Updated by mame (Yusuke Endoh) over 11 years ago
- Status changed from Open to Assigned
- Assignee set to ko1 (Koichi Sasada)
- Target version set to 2.0.0
Updated by ko1 (Koichi Sasada) over 11 years ago
- Assignee changed from ko1 (Koichi Sasada) to nobu (Nobuyoshi Nakada)
nobu, could you check it?
Updated by nobu (Nobuyoshi Nakada) over 11 years ago
- Status changed from Assigned to Closed
- % Done changed from 0 to 100
This issue was solved with changeset r38041.
Charlie, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.
vm_dump.c: no methods in segv handler
- vm_dump.c (rb_vm_bugreport): get rid of calling methods in sigsegv
handler. based on a patch by charliesome (Charlie Somerville)
[ruby-core:49573] [Bug #7402]
Updated by nobu (Nobuyoshi Nakada) over 11 years ago
- Tracker changed from Bug to Backport
- Project changed from Ruby master to Backport193
- Status changed from Closed to Assigned
- Assignee changed from nobu (Nobuyoshi Nakada) to usa (Usaku NAKAMURA)
- Target version deleted (2.0.0)
Updated by naruse (Yui NARUSE) over 11 years ago
- Status changed from Assigned to Closed
r38335 fixed testing issue: it generates garbage core file.